Project 1: Appendix A
Shuntae L. Brown
University of Maryland Global Campus
CB 610 7611: Foundations in Cybersecurity Management
Professor Marian Leerburger
January 31, 2023
From: Telstra Limited, Chief Operations Officer (COO)
To: Telstra Corporation Limited LLC, Board of Directors
Date: January 23rd, 2023
Subject: Security Plan Recommendation Memorandum
Telecommunication has evolved throughout the years, leaving the opportunity for hackers to conduct data breaches and cyberattacks. In February 1992, OTC and Telecom Australia merged to become the Australian and Overseas Telecommunications Corporation (AOTC). In April 1993, the combined company adopted the name Telstra Corporation Limited as its official corporate name (ABC, 2019, December 22). In the fall of 2022, Telstra Corporation Limited, Australia's largest telecommunications provider, experienced a data breach. Approximately, 30,000 present and past employees and customers were affected (Reuters, 2022). The information collected was minimal and primarily consisted of names and email addresses. Telstra speculates that information was released to capitalize on the Optus breach that occurred earlier in 2022. Telstra did not confirm the exact number of people affected or the date of the incident. However, they reported that only customers and current and formerly employed workers were compromised. There are many preventive measures and steps a company can take to better secure the Information Systems and protect Telstra Corporation Limited’s assets. Staff members must be inclined about the following: data flow, cybersecurity concepts and vulnerabilities, common cybersecurity attacks, network forensic analysis tools, major concepts of enterprise cybersecurity, and cybersecurity threats. This information is valuable and useful to businesses, companies, modern enterprises, and large corporations, such as Telstra Corporation Limited. The effectiveness and resilience of the security program should prove effective in preventing future data breaches and attacks through the implementation of security measures, policies, and procedures that prioritize maintaining the confidentiality of data. This is similar to the security model developed by Bell and LaPadula.
It is vital to identify the flaws that are presented within the business in order to gain an understanding of how Telstra Corporation Limited can employ this approach to reduce the vulnerabilities that lead to the breach. Both technological and administrative vulnerabilities will be addressed by the security measures that will be implemented. Firewalls, single sign-on, multi-factor authentication, and backup sites will all be components of the technical security measures that will be implemented. The combination of these security procedures provides a high degree of confidence that the individual who is attempting to access a resource (database, file, or information) is authorized to do so. In the event of a ransomware invasion, backup locations will also make it possible to implement redundancy. As the number of ransomware attacks continues to climb, one of the most important things to do is to make sure that any restored data and services come from a reliable and trustworthy source.
Administrative security measures will include a full review of policies and protocols. Integral to the last breach was a policy that allowed users to data mine or scrape to gather information on individuals with just a phone number. Policies provide a high-level vision and structure for the organization's security program. Review policies to ensure they’re aligned with business objectives but simultaneously ensure that confidentiality is the focus. Security policy reviews set the direction of the program as well as outline the roles and responsibilities of individuals within the organization in the event of a breach.
The impact of not performing a review of policy and implementing the security measures outlined above are profound. Security breaches, when made public, undermine public and investor trust in the company and negatively impact the stock price, reputation, and overall bottom line. Development, implementation, and maintenance of security measures are not inexpensive, however, a security breach and its impending legal and regulatory ramifications will offset any savings if the measures are not implemented. To further protect the company in the event of a future security breach, it is recommended that Cyber insurance be purchased. Cyber insurance protects businesses' liability in the event of a data breach involving sensitive customer information.
Proper implementation of this security recommendation plan requires strategic alignment between information security functions and business functions within the organization. Cybersecurity resource return on investment is not always readily apparent. When security measures are working effectively, breaches and incidents are minimal, and well-established processes prevent a total disruption of business operations. To evaluate the effectiveness of the security plan there shall be annual reviews of the policies and quarterly metric updates to ensure intended outcomes and goals are being met – only authorized individuals can access sensitive data.
ABC. (2019, December 22). Telstra Security Report
Reuters. (2022, December 12). Australia's Telstra suffers privacy breach, 132,000 customers impacted.
Appendix A: Security Models Summary
Every company has a responsibility to maintain the privacy, reliability, and accessibility of their computer systems and data networks. In order for organizations to reach this objective, they must deploy security frameworks that have been built using scholarly concepts, extensive research, and rigorous testing. CIA Triad, the Bell-LaPadula Model, Clark-Wilson, The Brewer and Nash Model of the Chinese Wall, The Protection of Clinical Information Systems, Security with No Interference, The Possibility of Deduction Safety, and Graham-Denning are the eight different security models that are prevalent and can be used depending on the particular business case. Each security model places an emphasis on a distinct component of the CIA triad in order to ensure that new dangers and openings are closed. When firms fail to correctly detect and address threats and vulnerabilities, they leave themselves open to attack by malevolent cyber actors.
Understanding the components that make up the foundation of security models, such as confidentiality, integrity, and availability, is necessary before proceeding with an in-depth exploration of the security models. These core goals serve as the guiding force behind the development of security strategies, policies, and standards. It is important to maintain confidentiality so that only those individuals who are allowed to do so can access the data. Unless the owner or custodian of sensitive information gives their express agreement for it to be disclosed, such information must be kept private (NIST,2004). Data is said to have integrity if it is kept in the state it was meant to be kept in, is not changed, and only authorized employees are able to edit or modify it. Access to information being made available in a reliable and timely fashion is what's meant when we talk about availability. Authentication and non-repudiation are two additional goals that are frequently included as components of security assessments and plans. Prior to allowing access to a resource, authenticating a user requires them to first give their credentials, which are then checked for accuracy.
In 1976, the Bell-LaPadula Model was developed, and its primary focus is on both mandatory and discretionary access control (DAC). Access controls known as mandatory access controls, or MAC, are those that are set and administered by a centralized authority, such as the System Administrator, and are imposed by the operating system itself. The concepts of discretionary access control are distinct from those of MAC in that the owner of each file retains the authority to make changes to the attributes that determine who is permitted to access the file. Because of its early adoption, Bell-LaPadula places a strong emphasis on maintaining data confidentiality. This is accomplished by ensuring that only authorized users have access to the data to which they are permitted. In 1976, this meant preventing users on separate terminals on a mainframe from viewing the files of other users (Bell & LaPadula, 1976). This security model is aligned with the military classification hierarchy because early funding of internet technology came mostly from the United States government. The purpose of this security model is to keep confidential material hidden and only to disclose it when it is explicitly approved to be shared. Read Down, Write Up, and Trusted Write Down are the model's three defining characteristics that make it a Bell-LaPadula (BLP) model. It is essential to one's comprehension of this model's characteristics to have a firm grasp on the fact that BLP categories correspond to those used by the military. Read-down is a security measure that prohibits users from obtaining access to information that is above their level of clearance. Users have the ability to read down to a lower rating, but they are unable to read up to a higher level. According to the BLP, a user is not permitted to access material that is marked as Top Secret if the documents that contain the information are labeled as Secret or below, regardless of the user's security clearance level. On the other hand, if the same person desired to view documents that were classified as "Confidential," which is a lesser classification, they would be permitted to do so. An access control list, which details the permissions granted to each user in relation to the file, is used to regulate who can view the information and how they can view it. The second component of the BLP paradigm is referred to as "Write Up." Users of Write Up are only able to create documents at the same or a higher degree of classification than they themselves hold. The final function, Trusted Write Down, has a flaw in its design, therefore the classification moves closer to Top Secret when it is combined with the Write-up feature. In order to accomplish this objective, a trusted user is selected and given the authorization to write information down to a level of classification that is lower than it is now. The BLP paradigm is flawed and has a number of inherent limitations. It places a primary emphasis on maintaining data privacy by limiting access to only those individuals who have been specifically allowed to view it. It is not the most important thing to worry about whether the data has been altered by hostile actors or whether it is always available when it is requested. The complexity required in classifying data, regularly checking it for changes in categorization, and ensuring that access control lists are updated are processes that consume resources and can be difficult to manage due to their inherent difficulty.
The Stringent Integrity Policy of Biba
The utilization of access restrictions is the primary method prioritized by this security model in order to guarantee the accuracy of stored data. In 1975, Kenneth J. Biba was the first person to suggest the idea. The design of this model is based on the principle that users or subjects cannot corrupt data at a higher level than the subject, and that the corruption of data must be restricted at a lower level than the subject (Wright, 2008). This paradigm consists of two essential components: subjects and objects. It is predicated on the idea of "integrity levels," according to which every object in the system is designated with a particular integrity level. In the strict integrity model, a subject (such as a user or a process) is only permitted to read or write an object (such as a file) if the integrity level of the subject is either greater than or equal to the integrity level of the object. This is because the strict integrity model was designed to prevent unauthorized access to data. This indicates that a subject with a higher integrity level has the ability to read or write any object, whereas a subject with a lower integrity level can only read or write objects with an integrity level that is equal to or lower than their own. This concept is useful in situations in which there is a requirement to prevent alterations, whether malicious or accidental, to sensitive data. This methodology can lead to restrictive practices, and it might not be appropriate for all kinds of network configurations. Because subjects can only read or write objects if their integrity level is greater than or equal to the integrity level of the object, it can be difficult to carry out specific operations or access particular pieces of data using the Biba paradigm. This correlates with the subsequent constraint, which is the overhead. A process that involves identifying subjects and objects, assigning integrity levels to each, and maintaining those levels can be time-consuming and exhausting on resources. Biba, in contrast to the BLP, provides only two integrity levels: high and low. This can make it difficult to administer the system and differentiate between different levels of security or sensitivity of data that are contained within it. There are reliable subjects in the BLP, and some of them have the ability to jot down data. The Biba stringent integrity model does not include this capability in its repertoire. Biba is a model that can be deployed quickly and easily, making it a good choice for applications with few objects, subjects, and integrity levels that place a high priority on data protection.
This concept was developed in 1987 by David Clark and David Wilson with the intention of ensuring data integrity in computer systems that process huge volumes of sensitive information, such as financial data or other sorts of private information (Clark, Wilson, 1987). Clark-Wilson differentiates between two categories of entities: subjects (active) and objects (passive). A subject is an active entity such as a user or a process, whereas an object is a passive entity such as a file or a database. For example, a user is an active subject, whereas a process is an example of an active process.
The model is predicated on the idea of "well-formed transactions," which are a series of operations that are defined by the system administrator and are guaranteed to maintain the data's integrity. These transactions are the fundamental building block of the model. The Clark-Wilson Model has several explicit objectives as part of its design that are listed below:
· Preventing unauthorized parties from making changes to the items.
· Avoiding authorized subjects from making unauthorized changes to things.
· Preserving coherence on both the inside and the outside.
The "separation of duty" ideas are utilized in the execution of the transactions. This is a reference to the principle that no user should be granted sufficient privileges to be able to exploit the system on their own (NIST, 2017). Every object has its own unique set of integrity rules that determine who can access it and how it can be changed. These rules can be found in the item's metadata. Access to the object is only permitted in the context of a properly constructed transaction, and even then, the integrity rules governing that transaction must be satisfied before it may continue. This model is believed to be more complicated than some of the other models; nevertheless, it is also considered to be more powerful and adaptable. It is frequently utilized in large businesses and corporate systems where maintaining the integrity of the data being stored is essential, such as in contemporary database management systems such as Oracle, DB2, MS SQL, and MySQL.
The Brewer and Nash Model of the Chinese Wall
The Chinese wall model is a security paradigm that was first presented in the 1980s. It is also known as the Brewer and Nash model and its primary focus is on safeguarding privacy and integrity through the use of read and write access privileges. The idea of a "conflict of interest" serves as the foundation of the model, and it was developed in order to stop the unlawful sharing of sensitive information among the various tenants and users of the system. The referred-to "wall" is defined by a set of rules that ensures that no person or thing on one side of the wall can access things on the other side of the wall (Brewer, Nash, n.d). This concept is most frequently utilized by consulting and accounting firms in order to safeguard their customers from potentially problematic conflicts of interest. To keep one's privacy and one's integrity intact, however, it is essential to ensure that all relevant information is kept up to date and that all potential conflicts are identified. "Write once, read many" is one of the rules that are specified in the model. This policy prevents objects from writing to information after they have already accessed it. This model is thought to be more granular and adaptable than models that have been suggested in the past because of the dynamic nature of both the interest and the data involved. The Brewer and Nash model is frequently utilized in industries such as financial, legal, and medical to preserve client and patient data and to ensure that conflicts of interest do not occur.
The Protection of Clinical Information Systems
In a study published in 1996 and titled "Confidentiality in Clinical Information Systems," a methodology was proposed for protecting the security of clinical and patient records in information systems while allowing practitioners to share vital data (Anderson, 1996). The paradigm places a primary emphasis on three essential features: confidentiality, informed consent, and responsibility. Access to the patient’s records is restricted to just those individuals who are included on the access control list (ACL). This model makes use of the BLP model by enabling the writing of data with a lower level of sensitivity to records with a sensitivity level that is either the same or a higher level. A single subject on the ACL is given sole responsibility for the ACL. This subject is allowed to make modifications to the ACL, but they are required to communicate those changes to the other subjects on the ACL. This is done so that informed consent may be obtained. The patient is required to provide consent for the adjustment (Anderson,1996). Accountability is preserved in the patient records by tracking who accessed them and who made changes to them. Other sorts of security measures, such as encryption for the files, firewalls that allow or prevent access, and regular security audits, have also been implemented for this paradigm.
Security with No Interference
The noninterference security model is also known as the Goguen-Meseguer security model. Its primary focus is on the manner in which the activities of a subject with a higher sensitivity level influence the state or actions of subjects with a lower sensitivity level (Goguen, 1982). Users, or subjects, are separated into their own compartments so that information or data does not flow into other compartments. This is done so that the users do not "interfere" with items that are on a different sensitivity level. This model is a very advanced mathematical model that is rarely utilized in actual practice.
The Possibility of Deduction Safety
The capacity of a user of the system to "infer" or "deduce" knowledge about the data is referred to as the deducibility security paradigm. This model's primary focus is on the process of accumulating data in order to draw conclusions based on that data. Subjects with a low-security level should not be allowed access to data held at a higher security level because they may be able to deduce data from the context of the information (Bishop, 2009). When put into practice, this approach shows its greatest potential for effectiveness when applied to activities involving the protection of individuals' privacy during data mining.
The subjects, purposes, and rights that pertain to information access are the primary focal points of this security paradigm. It is designed with numerous layers of security so that there is no single point of failure.
According to Graham (1972), the seven degrees of protection are as follows:
1. No sharing at all.
2. Sharing copies of programs/data files.
3. Sharing Originals of programs/data files.
4. Sharing programming systems/subsystems.
5. Permitting the cooperation of mutually suspicious subsystems, e.g., debugging/ proprietary subsystems.
6. Providing memory-less subsystems.
7. Providing "certified" subsystems.
Anderson, R. J. (1996.) Security in clinical information systems. Cambridge, England: University of Cambridge Computer Laboratory.
Bishop, M. (2009). Mathematical models of computer security. In S. Bosworth, M. E. Kabay, & E. Whyne (Eds.), Computer security handbook (5th ed., vol. 1, pp. 9.1-9.20). Hoboken, NJ: John Wiley & Sons.
Bell, D. & LaPadula, L. (1976, March) . MTR-2997, Secure computer system: Unified exposition and multics interpretation.
Brewer, D. F. C., & Nash, M. (n.d.). The Chinese wall security policy. Gama Secure Systems, UK.
Clark, D., & Wilson, D. (1987). A comparison of commercial and military computer security policies. IEEE Symposium on Security and Privacy.
Graham, G. S. & Denning, P.J. (1972). Protection–Principles and Practice. AFIPS Conference.
Gougen, J. A., & Meseguer, J. (1982). Security policies and security models. IEEE.
National Institute of Standards and Technology. (2004). Standards for security categorization of federal information and information systems.
National Institute of Standards and Technology. (2017). Verification and Test Methods for Access Control Policies/Models.
Wright, C. (2008) The IT Regulatory and Standards Compliance Handbook
Appendix B: Security Plan
Every business must have a security plan in place. The best defense against cyber-attacks is a multi-layered approach that includes staff training, stricter access control, physical network security, and ongoing hardware and software updates (Cybersecurity for Small Businesses, n.d.). Companies with significant cyber security investments were breached, yet quick reaction techniques reduced losses. A company nowadays would undoubtedly collapse if it didn't prepare for a cyber-attack; data protection is crucial. Telstra Corporation Limited suffered from recent data. Their weakness was exposed by an insider threat. However, no company can completely eliminate cybersecurity risk. This simple security plan will decrease the opportunity for hackers to compromise an organization's infrastructure.
Telstra Corporation Limited purpose:
“So we're committed to staying close to our customers and providing them the best experience. And delivering the best tech. On the best network. Because our purpose is to build a connected future so everyone can thrive” (ABC, 2019).
“Together, we're reimagining the future…At Telstra, it's people who give purpose to our technology. We innovate to help our customers, build better futures, and move each other and our communities forward, together” ( ABC, 2019).
Define the Threat
Threats from within an organization (Insider Threats) pose a dynamic and complex risk that can harm both the public and private spheres of any and all critical infrastructure sectors. This section gives an overview in order to frame the discussion of insiders and the hazards they pose; identifying these threats is a vital step in the process of comprehending and implementing an insider threat mitigation program. The Telstra Corporation Limited data breach could be considered an insider threat. Management will implement the document recommendations to better secure and protect the infrastructure of the organization, employees, and stakeholders’ personal and private information once the threat is defined. Threat detection must be identified, immediately, in order to create a solution and ratify the potential or attempted infiltration.
Detect and Identify
Both human and technology components are necessary in order to successfully detect and identify possible insider threats. Those that are close to an individual, such as family, friends, and coworkers, are a wonderful resource for observing concerning behaviors, and so is the organization's own staff, which is an excellent resource (Cybersecurity & Infrastructure Security Agency, n.d.). People that work for the organization typically understand the life events and other difficulties that an individual is dealing with, and they may be able to put troubling behaviors into perspective for the individual. The staff of an organization is the human element that must be present for the purpose of detecting and identifying an insider threat. Vulnerabilities can also be discovered by the utilization of technology, in conjunction with human sensors, for the purpose of detecting and preventing threats posed by insiders (Cybersecurity & Infrastructure Security Agency, n.d.). After the threat is identified, skilled trained staff will assess the threat to determine the best solution to combat the attack.
The process of accumulating and assessing information about a person of concern who may have the interest, motive, intention, and capacity of causing harm to an organization or to individuals is referred to as threat assessment. An insider threat assessment is a specialized field that calls for the collaboration of multiple people in order to evaluate a person of concern and establish the breadth, depth, and potential repercussions of a potential risk.
Behaviors, rather than profiles, are used as the foundation for threat assessments, and the nature of behaviors makes them very flexible. An insider incident, whether intentional or inadvertent, can be avoided with the use of a threat assessment's primary objective, which is to stop the occurrence of such an incident (Cybersecurity & Infrastructure Security Agency, n.d.). There is no approach to a threat assessment that is universally applicable to all circumstances. It should take a holistic approach, be polite, and be centered on assisting the person of concern, providing intervention techniques to prevent an insider incident, and reducing the repercussions if a hostile act does occur.
Manage the Threat
The stopping of a trajectory or changing the course of events from a bad consequence to an effective mitigation can be accomplished through the proactive management of insider threats. Interventions designed to lessen the threat posed by a person of concern are implemented by companies as part of their insider threat management programs. The organization needs to keep in mind that the ultimate aims are the safety of both the organization and the individuals working for it, as well as the prevention of an incident involving an insider threat.
The threat management team should recommend and coordinate measures that have been approved within the company’s security policies and guidelines in order to continuously monitor, manage, and mitigate the risk of harmful actions whenever an assessment suggests that the person of concern has the interest, motive, and ability to attempt a disruptive or destructive act. During the management phase, the COO will confirm that the policies and guidelines are aligned and comply with the local, federal, and organizational requirements for infrastructure security protection. The threat management team will review and evaluate the existing network and operating system to identify all outdated and expired systems (Cybersecurity & Infrastructure Security Agency, n.d.). Once the review is completed, a representative from the threat management team will establish a constructive relationship with local and federal law enforcement agencies and define the conditions under which the threat management team may ask for assistance in making a decision (Cybersecurity & Infrastructure Security Agency, n.d.).
Staff should think about asking for the assistance of local law enforcement when the following situations arise:
· Actual criminal offenses have been committed; there is either an ongoing or impending danger of violence; an involuntary commitment for mental health treatment is required.
· A potentially violent individual is being sacked or suspended from their position;
· It has come to our attention that an instance of domestic violence poses a risk to the organization's safety; or
· In order to guarantee the possible victims or persons of concern safety, it is necessary to conduct wellness checks on a recurring or as-needed basis.
Additionally, law enforcement is able to offer additional help at times of increased risk and can improve an organization's readiness during times of emergency.
Telstra Corporation Limited’s vision and mission statements are clear; Telstra Corporation Limited’s breach has jeopardized the company’s future existence and the trust of their employees and customers. Telstra Corporations Limited must remember to utilize the four steps regarding insider threats: define the type, detect and identify, assess, and manage the threat, if ever compromised, again. It may serve as a warning to Telstra Corporation Limited to safeguard its data. Data breaches are on the rise, as are cyber threats and vulnerabilities.
ABC. (2019, December 22). Telstra Security Report
Cybersecurity & Infrastructure Security Agency. (n.d.) Managing Insider Threats.
Cybersecurity for Small Businesses. (n.d.). Cybersecurity Basics.