Morgan Stanley Risk Assessment Report

Morgan Stanley (MS) recognizes that information is its most critical resource, and that providing its clients and shareholders with the most up-to-date information is a vital part of its strategic goal of maintaining its leadership as the best client brand with a global reach, strong capital base and financial holding company (FHC) status. This risk assessment report assesses MS control measures against risks that can be exploited by internal and external threats in its interconnected web portals, Ideas and ClientServ. The U.S. federal government's Risk Management Guide for information systems was used to conduct this risk assessment. The risk assessment revealed several weaknesses in MS IT and technical security which should be addressed by management.

Purpose
The purpose of the risk assessment was to assess the capability of the MS control system to identify threats to its two web portals, Ideas and ClientServ. The risk assessment was a qualitative process meant to identify mitigating factors for threats to the company's operation (BNAC, 2007). The web portals are classified as high-risk systems, vulnerable to threats and attacks, and are under constant scrutiny from the compliance and legal departments (Birchall, Ezingeard, McFadzean, Howlin, & Yoxall, 2004).

Scope of the risk assessment
The web portals Ideas and ClientServ comprise several key features: a user-friendly graphical user interface (GUI), an audit trail, administrative privileges and user groups. The ClientServ web portal is the external interface used by clients to review account activity and other banking transactions, while Ideas is the internal web interface used by financial advisors to review clients' account data and banking transactions. The web portals are supported by BMC BladeLogic software, whose open architecture allows in-house development of form-based interfaces in Java. These are then interfaced with the MS IT enterprise infrastructure, consisting of its network, computer plant and databases (Kralj-Taylor, 2009). The web portals Ideas and ClientServ are hosted by the IT department at its data centers in New York and Utah.

The risk assessment report also covers other supporting components of the MS IT infrastructure, which include the MS network infrastructure, firewall, web application, databases and operating systems. If exposed, this IT infrastructure could suffer unlawful disclosure and/or modification of data, or in some cases legitimate users could be denied access to enterprise data in the event of a denial of service attack on the network (Nocco, 2006).

Risk Assessment Approach
The assessment guidelines set up by the U.S. federal government for information technology systems were used in the risk assessment. The assessment concentrated mainly on security weaknesses that could affect MS's reputation and standing in the industry in the event of a successful attack on its system, as a result of loss of data integrity and exposure of confidential data (National Institute of Standards and Technology, 2002). The assessment came up with important management, operational and technical control recommendations and mitigation factors (Ferris, 2002).

Risk Assessment process
This segment of the risk assessment details the procedure that was used to produce the risk assessment report. The procedure is divided into two stages: the assessment and post-assessment stages.

Assessment
This stage of the assessment reviewed publicly available information about MS. The information collected from these documentary sources helped to identify threats to its IT infrastructure (BNAC, 2007).

Table 1 Techniques used
| Technique | Description |
|---|---|
| Document review | The assessment reviewed MS security policies and information policy, enterprise and network infrastructure. |
| Vulnerability sources | The assessment reviewed documentary information from several MS partners, IT vendors and security experts to identify potential weaknesses in the IT system. The sources consulted included the British North American Committee (www.bnac.org); the NCC Group (www.nccgroup.com); IBM (www.ibm.com/grid) (IBM, 2003). |

Risk Model
The following is the risk model used to determine risks to the web portals Ideas and ClientServ:
Risk determination = Threat likelihood x Magnitude of impact
Threat likelihood: Several factors were used when determining the threat likelihood and its potential impact on the MS enterprise infrastructure and reputation (President's Identity Theft Task Force, 2007). Some of these factors include:
Existing control measures effectiveness
Nature of system weakness
Source of the threat and its capability and motivation
The following definitions were used in the assessment of threat likelihood (National Institute of Standards and Technology, 2002).

Table 2 Threat likelihood
| Threat likelihood (Weight) | Likelihood Definition |
|---|---|
| High (1.0) | The threat source has sufficient motivation and capability to penetrate and overcome controls and measures put in place to prevent attacks on the system. |
| Moderate (0.5) | The threat source has the motivation and capability, but controls and measures put in the system are an impediment to a successful attack. |
| Low (0.1) | The threat source lacks the motivation and capability to launch an attack on the system, or system controls are a deterrent against an attempted attack on system weaknesses. |

Table 3 Magnitude of Impact
| Magnitude of Impact (Score) | Definition |
|---|---|
| High (100) | The impact of loss of confidentiality, integrity and availability could be expected to severely affect the operations and assets of the organization and/or individual (National Institute of Standards and Technology, 2002). Examples: an attack that compromises the operations of the organization to the extent that it cannot execute one or more of its primary operations; extensive damage to the organization's enterprise infrastructure; massive financial loss; massive loss of life or extensive personal injuries to individuals. |
| Moderate (50) | The impact of loss of confidentiality, integrity and availability could be expected to seriously affect the operations and assets of the organization and/or individual. Examples: an attack that compromises the operations of the organization to the extent that its execution of one or more of its primary operations is significantly degraded; significant damage to the organization's enterprise infrastructure; significant financial loss; significant personal injuries to individuals. |
| Low (10) | The impact of loss of confidentiality, integrity and availability is expected to have a limited adverse effect on the operations and assets of the organization and/or individual. Examples: an attack that compromises the operations of the organization to the extent that the execution of one or more of its primary operations is noticeably degraded; limited damage to the organization's enterprise infrastructure; limited financial loss; minor personal injuries to individuals. |

Magnitude of impact: The risk assessment also measured the impact of a successful attack on the system. The risk assessment report identified the following three security goals as facing the greatest risk in the event of a successful attack on the system (Ferris, 2002).

Confidentiality: Loss of confidentiality as a result of unlawful disclosure of private and sensitive information (e.g. Data Protection Act, Privacy Act).

Integrity: Loss of data integrity as a result of unlawful and unauthorized access to the system.

Availability: The impact of denial of service attacks on the system's functions and operations.

Table 4 Risk Calculation formula
| Threat Likelihood | Magnitude of Impact: Low (10) | Magnitude of Impact: Moderate (50) | Magnitude of Impact: High (100) |
|---|---|---|---|
| High (1.0) | Low risk (10 x 1.0 = 10) | Moderate risk (50 x 1.0 = 50) | High risk (100 x 1.0 = 100) |
| Moderate (0.5) | Low risk (10 x 1.0 = 10) | Moderate risk (50 x 1.0 = 50) | High risk (100 x 1.0 = 100) |
| Low (0.1) | Low risk (10 x 1.0 = 10) | Moderate risk (50 x 1.0 = 50) | High risk (100 x 1.0 = 100) |

Scale: Low (1 to 10), Moderate (10 to 50), High (50 to 100).

Risk determination: The risk assessment adopted the following threat model to determine the level of risk to the IT and security system (National Institute of Standards and Technology, 2002).

Threat likelihood: The likelihood of a given threat attempting to implement an attack through weaknesses in the system.

Magnitude of the impact: The impact of a successful attack on the IT and security system through weaknesses in the system.

The effectiveness of existing and mitigating measures to neutralize and/or eliminate risks.

Table 5 Risk Level Definition
| Risk Level | Definition |
|---|---|
| High | There is a strong and evident case for urgent mitigating and corrective measures to ensure the existing system continues to operate; a system shutdown or a stop to all system integration efforts or testing may be required (BMC, 2009). |
| Moderate | Planned and focused corrective and mitigating measures need to be undertaken within a defined time frame to ensure the system continues to operate (National Institute of Standards and Technology, 2002). |
| Low | The risk to the IT and security system must be weighed against the overall risk plan of the organization, and a decision made whether mitigating measures need to be undertaken or whether the organization can operate with the residual risk to the entire system. |

If the risk level is considered to be very low or negligible, it should still be recorded, so that all potential risks are identified and available for future reassessment and analysis of their threat level and likelihood.

System Characterization
Technology components
Table 6 Technology components
| Components | Description (MS technology infrastructure) |
|---|---|
| Applications | In-house development using Java Enterprise technologies where most appropriate (Kralj-Taylor, 2009). |
| Databases | Sybase, DB2 UDB, DB2 mainframe |
| Distributed Computing | Message oriented, loose coupling, XML messages, Binary-XML encoding, SOAP, FIX, XML content based pub-sub XML routers |
| Languages | C, Java, C, Perl, Python, A, other dynamic languages |
| Operating system | Linux, Solaris, Windows, Mainframe |
| Networks | Cisco Routers, Firewall |
| Interconnections | Interface to IBM grid, BMC BladeLogic (IBM, 2004). |
| Protocols | TCP, HTTP, IBM-MQ, Persistent-TCP, Optimized data transport |

Physical location(s)

Table 7 Physical location
| Location | Description (MS main physical infrastructure location) |
|---|---|
| Data center | Brooklyn NY; Utah (BMC, 2009). |
| Help Desk | New York Plaza, NY |
| Headquarters | Times Sq. NY (Kralj-Taylor, 2009). |

Data Input into System
Table 8 Data into System
| Data | Description |
|---|---|
| Personal Identification Number (PIN) | The main personal data that goes into the system includes: Name; Address; Phone Number; SSN; DOB |
| Financial Information | The main financial data that goes into the system includes: Credit card number; Credit card verification code; Expiry date; Card type; Authorization reference code (BMC, 2009); Transaction reference code |
| Login Information | The main way to access the system is through login information. The data that goes into the system includes: Username; Password (BMC, 2009). |

System Users
Table 9 System Users
| Users | Description |
|---|---|
| MS Clients | Access the system via the ClientServ web portal using a web browser. Clients can view account summaries, evaluate gains and losses in their accounts, trade in securities, evaluate account activity, transact business and download tax information (BMC, 2009). |
| MS Financial advisors | Access the system via the Ideas web portal. Manage clients' banking portfolios, such as reviewing clients' account data and statements and rebalancing clients' portfolios (Daula, 2006). |
| MS IT Personnel | Application deployment team tasked with planning, scheduling and coordinating changes to proprietary software and verifying the impact of those changes. Network and Data Management team tasked with management of the enterprise infrastructure (IBM, 2003). |
| MS Operations | Utilize the information in the ClientServ and Ideas web portal databases for change management and business continuity planning (BMC, 2009). |
| MS Offices | Make use of the web portals for in-person reinstatements of clients' accounts. |

Data flow diagram
The data flow diagram represents partial technology components of the web portal system.

Vulnerability Statement
The following vulnerabilities were revealed in the risk assessment:

Table 10 Identification of risks
| Vulnerability | Description |
|---|---|
| Cross-site scripting | The web application is used as a mechanism to launch an attack on the end user's web browser. An end user's session token can be used to spoof content to fool the user, compromising data integrity. This could lead to identity theft, which could cause massive credit fraud (BMC, 2009). |
| Wet-pipe sprinklers in MS Data Centers | A fire in a data center can trigger the sprinkler system to release water, which can compromise the availability of data in the MS enterprise. This could shut down the operations of the organization, causing massive financial losses and lawsuits. |
| Unused User Identifiers | Unlawful and unauthorized use of user IDs by malicious users can compromise the integrity and confidentiality of MS data. Identity theft can lead to credit card fraud and insider trading, which can lead to financial losses to Morgan Stanley (BNAC, 2007). |
| Uncorrected Flaws | Malicious exploitation of security flaws in the system can compromise the integrity and confidentiality of MS data. This can lead to undetected fraud and transactions, which can cause losses and exposure of personal data to unauthorized individuals, which in turn can cause lawsuits (BMC, 2009). |
| SQL injection | Malicious use of the web application to launch an attack on backend components by exploiting security flaws in the system where web requests are not validated before being accessed by the web application. This could result in compromise of the confidentiality and integrity of MS data (BMC, 2009). |
| Password weaknesses | Passwords could be easily guessed and used to gain access to the system; unchanged passwords could compromise data integrity and confidentiality through identity theft (BNAC, 2007). |
| Scripts and Initializing files | Malicious exploitation of passwords and user names in scripts could result in loss of confidentiality and integrity of MS data. |

Threat Statement

Table 11 Threat statement
| Threat Source | Motivation | Threat Actions |
|---|---|---|
| Hackers | Hackers are likely to be motivated by the thrill of: Challenge; Rebellion; Ego | Social engineering; Unlawful and unauthorized access; IP address hijacking; Website defacement; System intrusion; Blackmail |
| Cyber terrorists | Cyber terrorists are likely to be motivated by: Money; Destruction of information; Exploitation (BMC, 2009); Revenge | Cyber terrorism; Spoofing; System break-ins; IP spoofing |
| Employees | Employees are likely to be motivated by: Curiosity; Money; Intelligence or corporate espionage | Sabotage: worms, Trojans, viruses (Jaques, 2005); Unlawful and unauthorized system access; System bugs; Malicious browsing of confidential information (Redeyof, 2009); Fraud/embezzlement |
| Environment | No applicable motivational factor involved in this case. | Natural disasters; Earthquakes; Flooding; Tornadoes |
| System failure | No applicable motivational factor involved in this case. | Air conditioning failure; Communication failure; Fire; Human error; Power loss |

Risk Assessment Results

Table 12 Risk Assessment Results
Item 1
Observation: Cross-site scripting
Threat source: Hackers
Vulnerability: Cross-site scripting
Existing controls: Validation of headers and cookies
Likelihood: Medium
Impact: Medium
Risk rating: Medium
Recommended controls: Require validation of all parameters, i.e. cookies, hidden fields and query strings, against system specifications (BMC, 2009).

Item 2
Observation: Fire could activate the wet-pipe sprinklers, compromising system data in the MS data center
Threat source: Environment, System Failure
Vulnerability: Wet-pipe sprinklers
Existing controls: No relevant controls to mitigate against this risk.
Likelihood: Moderate
Impact: High
Risk rating: Moderate
Recommended controls: None. Residual risk accepted.

Item 3
Observation: Unlawful and unauthorized use of unused user identifiers
Threat source: Hackers, Employees
Vulnerability: Unused user identifiers
Existing controls: Controls are in place but not enforced
Likelihood: Moderate
Impact: High
Risk rating: Moderate
Recommended controls: Require a verification process for terminated accounts with an agreed timeline. Continuous employee education (Redeyof, 2009).

Item 4
Observation: Malicious exploitation of security flaws can be executed in an unpatched application
Threat source: Hackers, Employees
Vulnerability: Uncorrected Flaws
Existing controls: Careful monitoring of advisories and patch releases is in place. Enterprise IT infrastructure is protected by a firewall. Employees pose the greatest risk.
Likelihood: Moderate
Impact: High
Risk rating: Moderate
Recommended controls: Implementation of procedures for timely review and timely updates of vendor patches. Require automated system notification of system updates. Continuous employee education (Reich & Benbasat, 2000).

Item 5
Observation: Extraction and modification of database information through insertion of SQL commands in form fields
Threat source: Cyber terrorists and Hackers
Vulnerability: SQL injection
Existing controls: Limited form field input validation
Likelihood: High
Impact: Medium
Risk rating: Medium
Recommended controls: Require all parameters to be validated and data integrity enforced. Centralization of system libraries and components should be implemented and enforced to enhance the effectiveness of the validation process (Dhillon & Backhouse, 2001).

Item 6
Observation: User passwords remain unchanged or are easily guessed and cracked
Threat source: Hackers
Vulnerability: Password weaknesses and effectiveness
Existing controls: Change passwords regularly; passwords must be alpha-numeric and at least 6 characters.
Likelihood: Moderate
Impact: Moderate
Risk rating: Moderate
Recommended controls: Enforce mandatory use of special characters.

Item 7
Observation: Malicious exploitation of initialization files and scripts can easily take place, compromising the integrity and confidentiality of data
Threat source: Hackers
Vulnerability: Scripts and Initializing files
Existing controls: No clear text passwords allowed in initialization files and scripts. Access restriction to back office operations and workstations.
Likelihood: Moderate
Impact: High
Risk rating: Moderate
Recommended controls: Enforcement of corporate policy and practices, and stringent security measures for corporate databases (Hirsh & Ezingeard, 2008).

Though it may not be practical to address all identified risks to the IT infrastructure, priority should be given to threats that have the potential to cause significant impact to an organization's mission, environment and objectives. The approach one organization may wish to use to mitigate these risks will vary from that of another organization, but what is common is that there is a range of appropriate mitigation technologies available from various security vendors, which can be used in addition to adopting administrative measures, both technical and non-technical (Hirsh & Ezingeard, 2008).
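
Added example (not part of the original report): the Python below re-derives each risk rating in Table 12 from the weights in Table 2 and the scores in Table 3, then orders the seven items for mitigation. It assumes the scale boundaries are upper-inclusive (10 is Low, 50 is Moderate) and that ties in score are broken by impact; the function names are this example's own.

```python
# Added example: re-derives the Table 12 ratings from the report's risk model.
# Weights (Table 2) and scores (Table 3) are the report's; the bin edges and
# the tie-break rule are assumptions of this example.
LIKELIHOOD = {"high": 1.0, "moderate": 0.5, "low": 0.1}
IMPACT = {"high": 100, "moderate": 50, "low": 10}
ALIASES = {"medium": "moderate"}  # the report uses Medium and Moderate interchangeably


def norm(label):
    """Lower-case a rating label and fold 'medium' into 'moderate'."""
    key = label.strip().lower()
    key = ALIASES.get(key, key)
    if key not in LIKELIHOOD:
        raise ValueError(f"unknown rating label: {label!r}")
    return key


def risk_score(likelihood, impact):
    """Risk = threat likelihood weight x magnitude-of-impact score."""
    return round(LIKELIHOOD[norm(likelihood)] * IMPACT[norm(impact)], 2)


def risk_level(score):
    """Bin a score on the 1-100 scale; assumed edges: >50 high, >10 moderate."""
    if not 1 <= score <= 100:
        raise ValueError(f"score outside the 1-100 scale: {score}")
    if score > 50:
        return "high"
    return "moderate" if score > 10 else "low"


# (item, vulnerability, likelihood, impact, risk rating) as recorded in Table 12
REGISTER = [
    (1, "Cross-site scripting", "Medium", "Medium", "Medium"),
    (2, "Wet-pipe sprinklers", "Moderate", "High", "Moderate"),
    (3, "Unused user identifiers", "Moderate", "High", "Moderate"),
    (4, "Uncorrected flaws", "Moderate", "High", "Moderate"),
    (5, "SQL injection", "High", "Medium", "Medium"),
    (6, "Password weaknesses", "Moderate", "Moderate", "Moderate"),
    (7, "Scripts and initializing files", "Moderate", "High", "Moderate"),
]


def audit(register):
    """Return (item, score, derived level, agrees with recorded rating) per row."""
    rows = []
    for item, _vuln, likelihood, impact, recorded in register:
        score = risk_score(likelihood, impact)
        level = risk_level(score)
        rows.append((item, score, level, level == norm(recorded)))
    return rows


def prioritize(register):
    """Item numbers ordered by score, then impact (assumed tie-break), then item."""
    key = lambda r: (-risk_score(r[2], r[3]), -IMPACT[norm(r[3])], r[0])
    return [r[0] for r in sorted(register, key=key)]


if __name__ == "__main__":
    for row in audit(REGISTER):
        print(row)
    print("mitigation order:", prioritize(REGISTER))
```

Every recorded rating agrees with the model under these assumptions; SQL injection reaches the same score as the high-impact items only because of its higher likelihood, which is why it sorts after them.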

Conclusion
All organizations that have automated their systems and operations in their effort to meet their corporate mission and vision in this digital era must put emphasis on the protection of their corporate informational assets. This can only be achieved by putting in place a risk management plan and policy whose main objective is to protect the organization's ability to meet its objectives and goals (Reich & Benbasat, 2000). The risk management policy should not be seen as a purely IT or technical function but as a critical part of an effective and efficient security program for the organization, one in which all players in the organization's internal and external functions need to involve themselves, starting with management, IT staff, operational staff and clients. Morgan Stanley has taken a huge step towards ensuring that a risk management plan plays a huge part in its overall strategic goals.
