Operational Environment E P2600 Clause 4 Additions v1.0

Add the following new Subclause 4.6 after Subclause 4.5
1.1 Operational Environment E
1.1.1 Description
Operational Environment E is generally characterized as a commercial information processing environment in
which many elements of security are provided by the physical environment, but the sensitive nature and
volume of the documents processed often require a moderate to high level of document security, network
security, and security assurance. Some level of network security is needed to protect the device and its
network from misuse originating outside of the environment. Typically, this environment involves one or
more dedicated operators who handle a high volume of documents commissioned by multiple enterprise
organizations or paying customers. Figure 1 shows a typical Operational Environment E.
Environments for which Operational Environment E applies cover all types of businesses – higher
education, insurance, healthcare, utilities, graphic arts, federal/state/local governments, manufacturing,
etc. – as well as all sizes of businesses, from small “family” printing shops with 10-20 people to large
publishing houses. In fact, the businesses for which Operational Environment E is appropriate cover all the
types of businesses and system environments discussed in subclauses <5.2> through <5.5> for Operational
Environments A – D. What distinguishes businesses with systems that fall into Operational Environment E is
that the IT systems involved support the following application types:
a. Publishing – Publishing applications involve copying or printing multiple (usually a very large
number of) copies of a document directly from electronic data that is either scanned into the HCD,
electronically submitted to the HCD via a remote network, or both. The HCD will process the
documents and then store them on the HCD in print-ready format until the documents are
“published”; “publishing” in this context can be printing of the documents for later physical
distribution or electronic distribution of the print-ready formatted documents. There are
different types of publishing models that can be used on submitted documents; examples of
these models are print on demand, where the document is printed in the exact quantity only
where and when it is needed; demand on request, where the document is printed in only the
quantity needed upon request; and distribute-then-print, where the document is printed at the
point of need instead of at a central location.
b. Transaction Printing – Transaction printing applications involve a mode of production printing
where the System Processor (see <4.2.2.6>) does not know at the time the job starts when the
job will end. Transaction printing involves the HCD extracting information from computer
databases stored either in the HCD or on remote, third party servers. This data is variable and
relates to the “transaction” between the business and the end customer for whom the document
is being prepared. The system must fill in at the time of printing personally identifiable
information (PII) (e.g., names, addresses, Social Security Numbers) and other information
specific to the particular business involved onto multiple similar pages called forms.
Additional data may be derived by the production system using personal attributes from the
database. The result is a (usually very large) number of printed individualized forms that can
then be distributed either physically or electronically. The variable data (PII) and fixed data
(PII, corporate data) may be extremely sensitive and must be protected under privacy-related
regulations (e.g., HIPAA). The production system must also assure the integrity of some of the
variable data (e.g., billing information).
NOTE: Transaction systems are often connected directly to enterprise databases, where much
of the data is not intended to be used for printing. However, the printing system, if
compromised, could provide a way for an attacker to get access to this other highly valuable data.
Alternatively, the printing system could be used as a springboard to attack other systems on
the network.
c. Production Printing – A business-critical printing application which can share characteristics
of either publishing or transaction printing. In the publishing case, high volumes and a large
variety of jobs are particularly germane to operation. In the transaction case the main
characteristic is the need to print frequently, including variable data supplied by sources that
may be outside the printing organization, all done reliably within a very constrained time
window. For transaction cases, the time deadlines are set by the customers and are not usually
negotiable (e.g., checks or bills must go out on time with very little lead time, so minimal time
buffering is possible). These systems are extremely sensitive to DoS attacks.
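The transaction-printing requirements above (the print system merges variable PII onto forms, must assure the integrity of billing data, and should not become a path into the rest of the enterprise database), as an added example that is not part of the P2600 text: the billing system computes an HMAC over exactly the printable fields of each record it releases; the print system reads only the columns the form needs (never the SSN or credit limit that also live in the enterprise table) and refuses to render any record whose tag no longer verifies. The table layout, job key, names and records are constructed for the demonstration.

```python
"""Integrity-checked variable-data merge for a transaction print job.

Added example, not from the P2600 text. The billing system HMACs the printable
fields of each record; the print system verifies the tag before merging the
record into the form and only selects the columns the form needs.
All keys, table columns and records below are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import json
import sqlite3

# Assumption: a per-job key shared between the billing system and the print
# system (provisioned out of band in practice, never hard-coded like this).
JOB_KEY = b"constructed-demo-key-do-not-use"

# The form needs only these columns; everything else stays in the source DB.
FORM_COLUMNS = ("account_id", "name", "address", "amount_due", "due_date")


def record_tag(rec: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the printable fields only."""
    canonical = json.dumps({k: rec[k] for k in FORM_COLUMNS}, sort_keys=True,
                           separators=(",", ":")).encode()
    return hmac.new(JOB_KEY, canonical, hashlib.sha256).hexdigest()


def build_source_db() -> sqlite3.Connection:
    """Constructed enterprise table: holds more than the form needs (SSN, credit limit)."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE customers (
        account_id TEXT PRIMARY KEY, name TEXT, address TEXT, ssn TEXT,
        credit_limit INTEGER, amount_due TEXT, due_date TEXT, tag TEXT)""")
    rows = [
        {"account_id": "A-1001", "name": "Ada Example", "address": "1 Demo St",
         "ssn": "000-00-0001", "credit_limit": 5000, "amount_due": "120.50",
         "due_date": "2024-07-01"},
        {"account_id": "A-1002", "name": "Bob Example", "address": "2 Demo St",
         "ssn": "000-00-0002", "credit_limit": 7500, "amount_due": "0.00",
         "due_date": "2024-07-01"},
    ]
    for r in rows:
        r["tag"] = record_tag(r)  # billing system signs what it released for printing
        db.execute("INSERT INTO customers VALUES (?,?,?,?,?,?,?,?)",
                   (r["account_id"], r["name"], r["address"], r["ssn"],
                    r["credit_limit"], r["amount_due"], r["due_date"], r["tag"]))
    # Simulated tampering after signing: the amount is edited in storage/transit.
    db.execute("UPDATE customers SET amount_due='0.01' WHERE account_id='A-1002'")
    db.commit()
    return db


def fetch_form_records(db: sqlite3.Connection) -> list[dict]:
    """Read only the form columns plus the tag; the SSN never reaches the merge."""
    cols = ", ".join(FORM_COLUMNS + ("tag",))
    cur = db.execute(f"SELECT {cols} FROM customers ORDER BY account_id")
    names = [d[0] for d in cur.description]
    return [dict(zip(names, row)) for row in cur.fetchall()]


def merge_job(records: list[dict]) -> tuple[list[str], list[str]]:
    """Return (rendered pages, rejected account ids); tampered records are not printed."""
    pages, rejected = [], []
    for rec in records:
        expected = record_tag(rec)
        if not hmac.compare_digest(expected, rec["tag"]):  # constant-time compare
            rejected.append(rec["account_id"])
            continue
        pages.append(
            f"STATEMENT {rec['account_id']}\n{rec['name']}\n{rec['address']}\n"
            f"Amount due: {rec['amount_due']}  Due: {rec['due_date']}\n"
        )
    return pages, rejected


if __name__ == "__main__":
    pages, rejected = merge_job(fetch_form_records(build_source_db()))
    print(f"{len(pages)} page(s) rendered, rejected: {rejected}")
```

Because the tag covers only the fields that reach the form, the print system can verify it without being granted the rest of the row; in a real deployment the SELECT would run as a database role that is granted only a view of those columns, which limits what an attacker gains from a compromised printing system.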
Systems in Operational Environment E are very similar (in some cases identical) to the systems
described for Operational Environments A – D. What separates systems in Operational Environment E
from the other four operational environments are the following key elements:
a. They are most often located in a central facility that provides support to a large number of
external users (often entire businesses or populations).
b. They are managed by a very small and dedicated group of trained administrators (denoted as
operators) who perform all of the HCD user functions and many (if not all) of the HCD
administrative functions, and who also manage the security functions for these systems.
Separate IT professionals often perform the network administration functions, although the
dedicated operators can perform this function instead.
c. Remote connection is only allowed from a small number of dedicated workstations/PCs
that are physically located in the same central facility as the HCDs; remote connection from
workstations/PCs external to the central facility is almost never allowed; the network is a
dedicated internal network for the central facility.
d. Many of the HCDs in Operational Environment E (but certainly not all) also have service
personnel who are dedicated solely to these HCDs.
Figure 1 – Operational Environment E Example
[Diagram; elements shown: Operational Environment E network with Operator Terminals, Hardcopy Devices, File/Print Servers, E-Mail Server, Web Servers, Router and External Firewalls connecting to the Internet; Isolated Desktops and Hardcopy Devices; an Isolated Fax and a Non-Networked Fax connected over Fax Phone Lines to the PSTN and Outside Fax Equipment.]
1.1.2 Typical security environment
Systems in this environment face many of the same threats as systems in Operational Environments B
and D. However, since systems in Operational Environment E tend to have only internal networks, the
main remote threats are unauthorized access to the internal network from outside via the Internet,
malicious content introduced on media brought into the system, and the use of other internal systems as a
means of attack. As a result, measures to protect from these outside threats tend to be important in this
environment. Like Operational Environment B, most systems on these internal networks are protected
from direct exposure to the Internet by firewalls or restriction of IP addresses — but penetrations of those
systems through other means could permit intruder access to internal networks.
Physical security tends to be extremely important in Operational Environment E because of the
centralized nature of these systems. In addition, many of these systems are used to print out PII and
other sensitive information as indicated earlier, so physical security measures are put in place to make
sure that only authorized persons have access to the system. Adding to this concern is that some
systems in this environment use sensitive resources like blank check stock; unauthorized access to these
resources could have large negative consequences (e.g., check fraud).
In Operational Environment E, systems are typically susceptible to both local and remote threats. Local
attacks, such as unauthorized access to the dedicated workstations or HCDs, can often lead to
unauthorized access to sensitive documents, PII and other sensitive data, and may also lead to
unauthorized data modification or consumption of resources. The threat of unauthorized remote (and
internal) users obtaining access to documents stored in the HCD during processing of publishing jobs, or
to the PII and other sensitive information handled in addition to the documents themselves during
processing of transaction print jobs, becomes much more important in this environment because the
documents and data tend to be stored in nonvolatile memory for long periods of time relative to systems
in the other four environments.
Since the network in this environment tends to be a dedicated one, the threat of local users attacking
other local systems from within the organization’s network is much lower in Operational Environment E
than in Operational Environments A and B. Security breaches caused by remote threats involving malicious
payloads sent by external parties, such as viruses and worms acquired via email or infected Web sites,
are possible but much less likely in this environment. Threats against network-based applications caused
by internal or external parties can also occur in this environment; when they do occur they tend to affect
the entire system because of the limited number of dedicated nodes connected inside the network.
Both malicious payloads and network application attacks are most likely to affect availability (e.g.,
crashing the system or device, consuming all network bandwidth, breaking functionality) but may also
affect integrity (e.g., infecting data files) or confidentiality (e.g., providing remote access to sensitive data).
Data disclosure threats tend to come from internal parties who monitor traffic on local networks,
and they primarily affect confidentiality.
Some commonly accepted security practices found in Operational Environment E are as follows:
A) Internal networks are segmented with internal firewalls and other defense-in-depth techniques to
restrict access and filter unnecessary protocols/IP addresses
B) Systems restrict access to only a few dedicated users
C) Remote administration or access is generally restricted
D) System management is centralized with restricted access to management functions to the authorized
dedicated operators and network administrators
E) Security-related applications (e.g., antivirus) are centrally managed
F) Physical access to printer and multifunction devices and their features is restricted, and accounting
features are enabled
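Practice A above (segmenting the internal network with internal firewalls to restrict access and filter unnecessary protocols/IP addresses), as an added example that is not from the P2600 text: the policy is written once as data, rendered as an nftables ruleset for an internal firewall sitting between the operator terminals, the HCDs and the servers of Figure 1, and evaluated against constructed flows so the intent (only operator terminals reach the HCDs, HCDs reach only the file/print and mail servers, nothing from the Internet or the general corporate LAN reaches the HCDs directly) can be checked before deployment. Addresses, zone names and port choices are assumptions.

```python
"""Segmentation policy for an Operational Environment E internal network.

Added example, not from the P2600 text. The same ALLOW table drives both an
nftables ruleset (what the internal firewall would load) and a first-match
evaluator used to check sample flows against the intended policy.
All addresses, zone names and ports are constructed assumptions.
"""
from __future__ import annotations

import ipaddress

ZONES = {  # constructed addressing for the roles in Figure 1
    "operator_terminals": ["10.10.1.0/28"],
    "hcds": ["10.10.2.0/24"],
    "file_print_servers": ["10.10.3.0/27"],
    "mail_server": ["10.10.3.40/32"],
    "corp_lan": ["10.20.0.0/16"],  # other internal systems; no direct print access
}

PRINT_PORTS = (515, 631, 9100)  # LPD, IPP, raw port 9100 job submission
MGMT_PORTS = (443, 22)          # HCD web administration and SSH

# (source zone, destination zone, permitted TCP ports); anything else is dropped.
ALLOW = [
    ("operator_terminals", "hcds", PRINT_PORTS + MGMT_PORTS),
    ("file_print_servers", "hcds", PRINT_PORTS),   # spool servers submit jobs
    ("hcds", "file_print_servers", (445,)),        # scan-to-folder / job storage
    ("hcds", "mail_server", (587,)),               # scan-to-email, authenticated submission
]


def zone_of(ip: str) -> str | None:
    """Map an address to its zone; Internet or unknown addresses match no zone."""
    addr = ipaddress.ip_address(ip)
    for zone, nets in ZONES.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return zone
    return None


def evaluate(src: str, dst: str, dport: int, proto: str = "tcp") -> str:
    """First-match decision mirroring the rendered forward chain: 'accept' or 'drop'."""
    if proto != "tcp":
        return "drop"  # only TCP services are exposed between zones
    s, d = zone_of(src), zone_of(dst)
    for src_zone, dst_zone, ports in ALLOW:
        if s == src_zone and d == dst_zone and dport in ports:
            return "accept"
    return "drop"


def render_nft() -> str:
    """Render the policy as an nftables ruleset with a default-drop forward chain."""
    lines = ["table inet hcd_segmentation {"]
    for zone, nets in ZONES.items():
        lines.append(f"    set {zone} {{ type ipv4_addr; flags interval; "
                     f"elements = {{ {', '.join(nets)} }} }}")
    lines += ["    chain forward {",
              "        type filter hook forward priority 0; policy drop;",
              "        ct state established,related accept",
              "        ct state invalid drop"]
    for src_zone, dst_zone, ports in ALLOW:
        plist = ", ".join(str(p) for p in ports)
        lines.append(f"        ip saddr @{src_zone} ip daddr @{dst_zone} "
                     f"tcp dport {{ {plist} }} accept")
    lines += ['        log prefix "hcd-seg-drop " drop', "    }", "}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_nft())
    for flow in [("10.10.1.5", "10.10.2.20", 9100), ("10.20.5.5", "10.10.2.20", 9100),
                 ("203.0.113.9", "10.10.2.20", 443), ("10.10.2.20", "203.0.113.9", 443)]:
        print(flow, "->", evaluate(*flow))
```

The forward chain's `policy drop` plus the final logging drop rule means anything not enumerated in ALLOW, in either direction, is denied and recorded; because HCD-initiated traffic is limited to the spool and mail servers, a compromised device cannot reach the Internet or the general corporate LAN, which addresses the springboard concern raised in the transaction printing note.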
1.1.3 Examples
The examples that follow describe typical HCD environments that might be considered Operational
Environment E.
University Publishing Center – These are generally centralized facilities containing one or more
production systems as well as other HCDs that handle all of the printing needs for a college or university;
this may include printing/copies of research papers, theses, books, articles, etc. Typically there is some
type of minimal physical security maintained at the facility so that only the authorized operators who run
and maintain the various HCDs are permitted access to them. The susceptible assets in this case focus
primarily on intellectual property of the university staff and students, although reprint of previously
published material can involve copyright issues. Centers of this type must maintain and protect
accounting information to make sure that student and faculty accounts are properly charged for the pages
that are printed or copied.
Computer Center for a Bank – Typically this will also be a centralized facility that uses HCDs to print or
copy customer bank statements, credit card statements, and a myriad of financial reports. Limiting access
to only authorized persons is very important here because of the sensitive nature of the information that
needs to be protected – customer PII, sensitive account information associated with each customer,
financial information about individuals or companies, etc. Regulatory mandates involving financial
reporting and Federal Reserve requirements become very important in this case.
Print-for-Pay Company – These are retail establishments or contract firms that specialize in printing or
copying a large volume of documents for a fee for individuals or other companies. They are generally in
small to medium office buildings located in highly accessible locations. As in the University Publishing
Center case, there will typically be some type of minimal physical security to make sure that only authorized
operators can access and run the HCDs. Depending on the company there may be dedicated network access
to the HCDs via PCs or workstations at the company’s physical location; there generally is no network access
to these HCDs from outside this dedicated network. Protection from access to HCDs from outside of the
dedicated network becomes important as a result. Print-for-Pay companies get requests for printing or
copying all types of information; however, the susceptible assets would likely be the same types of assets
described in the examples for Operational Environment B. Few, if any, legislative controls are required or
observed, although some privacy controls would be required to protect any confidential business
information that might be printed or copied.
Corporate Reproduction Center – This would be a facility that handles all of the reproduction needs of a
group or division within a large enterprise. Such centers may be a shop or room inside another facility or a
centralized facility in a separate, stand-alone building. A center of this type would typically
handle a high volume of documents such as reports, packaging labels, and product user documentation for
both internal and customer use. Physical security becomes very important for such centers, as does
protection of sensitive and confidential financial, intellectual property, and not-yet-launched product
information that may be printed and copied for internal use. Internet and network access to the HCDs in
these centers is almost always limited to the personnel authorized to run and maintain the HCDs. As
in the University Publishing Center case, maintaining and protecting accounting information is also
important to make sure that each department is properly charged for the pages that are printed or copied.
Public Utility – Public utilities encompass a wide range of industries covering natural gas production and
distribution, electrical energy distribution, water and sewer services, etc. Public utilities are separated
from other industries by the degree of both federal and state regulatory requirements that cover every
type of utility. Public utilities print and manage thousands of documents including customer bills, company
brochures, price lists, service manuals and bulletins, and documentation required by government
regulators. As a result, the security of electronic documents becomes very important to public utilities.
Public utilities also have to maintain and protect private customer information used in billing and
accounting.
Insurance Company – Insurance companies fundamentally are in the business of providing coverage
against losses resulting from occurrences such as auto accidents, injuries or natural disasters that carry
some degree of risk. Insurance companies run the gamut in size from small local firms to large
multinational companies, but they all have in common a need to attract more business by lowering premiums
and expanding services. Because of the broad range of insurance services available to customers,
insurance companies are forced to print and warehouse thousands of forms, ranging from enrollment kits
to policies to customer statements to marketing information, for a large number of customers. Physical
security is typically not a concern for insurance companies. However, due to the highly competitive nature
of the insurance industry, protection of internal information such as pricing data becomes important.
Business customer privacy issues such as protection of PII and regulatory compliance requirements
mean that insurance companies must also place a great emphasis on both data security and protection of
the large volume of internal documents they must maintain as they transition to electronic document
management and off-site image storage.
Modify Table 1 in Subclause 5.6 as follows:

Table 1 – Factors Affecting Security: Effect on Security Requirements

Element of Security      | Operational Environment
                         | A        | B              | C              | D     | E
-------------------------|----------|----------------|----------------|-------|--------------------
Value of Asset           | High     | Moderate       | Moderate – Low | Low   | Moderate – High
Physical Security        | High     | Moderate       | Low            | Low   | High
Network Protection       | High     | Moderate       | Moderate       | Low   | Moderate
Laws and Regulations     | High     | Moderate – Low | Low            | Low   | Moderate – High (1)
Personnel Trust          | High     | Moderate       | Low            | Low   | High

NOTE— “Laws and Regulations” include privacy and governance laws, industry-specific standards, etc.