Computer Security Group Q Presentation

Uploaded by

suleimanjulo01

COMPUTER SECURITY GROUP Q

PRESENTATION

1. BITC01/2046/2022 BRIAN KIPKOECH
2. BITC01/O887/2021 SULEIMAN CHIGODI
3. BCSC01/0011/2021 AUSTIN MBARIA
4. BCSC01/0031/2021 KEVIN LAGAT
QUESTIONS
1. Research on the criteria of information technology security assessment

2. When a Windows NTFS access control entry (ACE) is inherited by a subdirectory,

3. Discuss under which circumstances the “inherit only” flag is set or cleared, and why.

4. Discuss the meaning of a system in the context of security engineering.

5. Discuss how access control lists are used to represent access control matrices.

6. Describe the environments in which they are widely used and their advantages and disadvantages.

7. Research on the recent security threats on government systems in Kenya


1. Research on the criteria of information technology security assessment

Criteria for Information Technology Security Assessment

An Information Technology Security Assessment (ITSA) evaluates the IT infrastructure of an organization for its weaknesses, risks and other threats to the system. Some of the core criteria for ITSA include but are not limited to:
Vulnerability Assessment: Analysis of systems, networks and applications for weaknesses, for example poor configuration, outdated systems, or weak passwords.
Penetration Testing: The simulation of attacks to identify exploitable vulnerabilities. Tests employ a variety of techniques including network scanning, port scanning and sometimes social engineering.
Risk Assessment: Determination of the magnitude of damage that the vulnerabilities already identified could cause. This seeks to establish whether an attack is possible and the damage it could inflict.
Compliance Assessment: Verification that the industry benchmarks and regulations relevant to the site have all been met. This sometimes involves examining security policies, procedures and configurations.
Security Policy Review: The effectiveness of a security policy and the corresponding procedures is assessed. Policies are assessed for clarity, comprehensive specification and what is needed to enforce them.
Review of policies and standard procedures for the containment of security breaches: Appraisal of the organization's ability to contain damage and recover when its security is breached and an attack is carried out. This includes the evaluation of incident response plans, procedures and training.
Additional Considerations

Physical Security: Determines the physical security controls available in the organization, such as access control requirements, CCTV systems, and environmental controls.
Social Engineering Assessment: Evaluates the organization’s vulnerability to forms of social engineering aimed at people, such as phishing and pretexting.
Data Loss Prevention Policies: Enquiry into the organization's ability to prevent loss of data, for instance through encryption.
Business Continuity and Disaster Recovery Plan: Evaluation of the ability of an organization to continue its operations and return to its former state after a disruption.
Cloud Security Risk Assessment: If applicable, evaluation of the security issues of cloud-based services and infrastructure.
Mobile Device Security: Evaluation of the security of mobile devices and their data.
Third Party Risk Assessment: Assessment of third-party vendors’ and partners’ security practices.
2. When a Windows NTFS access control entry (ACE) is inherited by a subdirectory,

When an NTFS subdirectory inherits an Access Control Entry (ACE), the “inherit only” flag determines whether that ACE will be further inherited by the subdirectories of that subdirectory.

A Guide to the “Inherit Only” Flag

Set: If the “inherit only” flag is set, child objects do not inherit the ACE. This implies that the current directory will not extend the permissions granted by such an ACE to its subdirectories.
3. Discuss under which circumstances the “inherit only” flag is set or cleared, and why.

Cleared: If the “inherit only” flag is cleared, child objects will inherit the ACE. This means that the permissions granted by that ACE will be applied to both the current directory and its subdirectories.

Factors Affecting Inheritance

How an ACE propagates is determined by various internal and external factors:
Parent Directory Permissions: The starting point for inheritance is defined by the inheritance settings of the immediate parent directory. Where the parent directory provides for inheritance and its ACEs have “inherit only” cleared, they propagate to the child directory.
ACE Propagation Flags: Certain flags on the ACE govern how it is inherited. The Child and the Objects flags determine whether a child directory or file will inherit an ACE, and therefore whether the ACE figures in the administration of permissions.
File System Permissions: The overall permission settings of the file system as a whole may also limit inheritance. For instance, when the file system has inheritance disabled for a particular object type, even objects flagged “inherit only” will not receive child ACEs.
Why? What is the purpose of the “Inherit Only” flag?

Because the “inherit only” flag restricts inheritance at the level at which permissions are actively present, it is particularly useful. It enables users to:

Avert Permission Propagation: Critical permissions can be prevented from being passed on to subdirectories, for better access rights management.

Reduce Complexity: When managing the permissions of multiple files and directories, it is recommended that inheritance not be unbounded.

Prevent Access: Attending to loopholes at the boundaries of permission inheritance helps minimize unauthorized access downstream.
Q.4. Discuss the meaning of a system in the context of security engineering.

In security engineering, a "system" refers to a collection of elements working together to satisfy a specific purpose. The elements include hardware, software, networks, users, data, and processes. A system can range from a single tiny application to the entirety of an enterprise network. In security engineering, the first priority is to find, analyze, and mitigate risks within the system in order to protect it from malicious access, data breaches, and other vulnerabilities. A well-engineered system does not just prevent unauthorized acts; it also provides reliability, availability, integrity, and confidentiality of the data.

Q.5. Discuss how access control lists are used to represent access control matrices.

An access control matrix is a table that outlines the permissions of each user or group with respect to each object in the system, including files and databases. Each row in this matrix is a subject (a user or process), and each column represents an object (a resource). Each cell within the matrix specifies the access allowed for that subject-object pair, which could be read, write, and execute permissions, amongst others.

One practical representation of an access control matrix is the access control list (ACL). ACLs store access permissions directly with each object, rather than keeping one giant matrix that maps every subject to every object. An ACL for an object explicitly enumerates the subjects granted access and their permissions. For instance, the ACL for one file would be "User A can read and write, User B can read, User C can execute." Access is easier to manage this way because an ACL deals with the specific access needs of each object rather than those of the whole system's matrix.
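
The ACL representation described above, as an added example that is not part of the original presentation: a small access control matrix is sliced by column into per-object ACLs, using the file ACL quoted in the text (the object names report.txt and payroll.db and the payroll.db column are constructed). It also shows that reviewing or revoking one subject's rights means scanning every object's ACL.

```python
# Added example, not from the original slides. Object names are constructed.
from collections import defaultdict

# Access control matrix: one row per subject, one column per object.
# The report.txt column is the ACL quoted in the text above.
MATRIX = {
    "User A": {"report.txt": {"read", "write"}},
    "User B": {"report.txt": {"read"}, "payroll.db": {"read", "write"}},
    "User C": {"report.txt": {"execute"}, "payroll.db": {"read"}},
}

def matrix_to_acls(matrix):
    """Slice the matrix by column: each object keeps {subject: rights}."""
    acls = defaultdict(dict)
    for subject, row in matrix.items():
        for obj, rights in row.items():
            if rights:  # empty cells are never stored
                acls[obj][subject] = set(rights)
    return dict(acls)

def acls_to_matrix(acls):
    """Inverse mapping: rebuild the rows, showing no information was lost."""
    matrix = defaultdict(dict)
    for obj, acl in acls.items():
        for subject, rights in acl.items():
            matrix[subject][obj] = set(rights)
    return dict(matrix)

def check_access(acls, subject, obj, right):
    """Access decision: only the ACL stored with the object is consulted.
    Anything not listed is denied."""
    return right in acls.get(obj, {}).get(subject, set())

def rights_of(acls, subject):
    """Per-subject review (one matrix row) has to scan every object's ACL."""
    return {obj: acl[subject] for obj, acl in acls.items() if subject in acl}

def revoke_subject(acls, subject):
    """Remove a subject everywhere; returns how many ACLs had to be edited."""
    return sum(1 for acl in acls.values() if acl.pop(subject, None) is not None)

if __name__ == "__main__":
    acls = matrix_to_acls(MATRIX)
    for obj, acl in sorted(acls.items()):
        print(obj, {s: sorted(r) for s, r in sorted(acl.items())})
    print("User B may write report.txt:", check_access(acls, "User B", "report.txt", "write"))
    print("ACLs edited to remove User B:", revoke_subject(acls, "User B"))
```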
6. Describe the environments in which they are widely used and their advantages and disadvantages.

The environments where ACLs are used include operating systems like Windows and Linux, file systems, and network devices such as routers and firewalls. They are particularly useful in environments that require detailed access management for individual resources, including shared databases, corporate networks, and cloud services.

Advantages:

Granular Control: ACLs allow fine-grained permissions down to an individual resource, making access management more accurate.
Efficiency: Access control lists have to maintain only the permissions related to each object, which drastically reduces the complexity of managing the access matrix.
Scalability: Very large systems can use ACLs because every resource manages its own list of permissions independently.

Disadvantages:

Complexity in Large Systems: In very large systems with a huge number of users and objects, long lists may become cumbersome to manage or audit.
Less flexibility for dynamic access: One of the major weaknesses of ACLs is that they tend to be quite rigid when permissions need to change dynamically, thus requiring more manual updates. In certain use cases, such as frequent updating of permissions or when one user accesses many different objects, ACLs would have to be constantly updated and may therefore prove less efficient than RBAC systems.
7. Research on the recent security threats on government systems in Kenya

Security threats that government systems in Kenya have faced are mainly cyber attacks, data breaches, and ransomware. Some recent examples are:

Ransomware Attack: Ransomware has remained one of the most active threats against government and critical infrastructure systems. Attackers encrypt data and demand a ransom for the key to decrypt it, which affects government operations and might delay some key services.
Phishing/Social Engineering: There have been a number of phishing attacks targeting government officials and employees in order to compromise their credentials for unauthorized access to sensitive data, leading to possible data breaches and misuse of information.
Breach: A couple of government agencies have reported breaches in which sensitive information about citizens, such as IDs, addresses, and health information, was disclosed. Breaches have been reported due to vulnerabilities in third-party systems integrated with government platforms.
Distributed Denial of Service Attacks: DDoS attacks overwhelm government websites until they go down and are no longer accessible to users. This disrupts services and affects the availability of critical online portals.
