Enterprise Security Policy
Each enterprise has users and assets. Within each game scenario, the enterprise security policy is defined in terms of which users are authorized to access which assets. Some assets have a lot of value to the enterprise; others are of relatively little value. Assets also have different values to attackers, resulting in different levels of motivation for attackers to compromise them. Some assets have value because they are secret (e.g., proprietary manufacturing data). Other assets have value because of their integrity (e.g., authoritative accounting records).

To protect the secrecy and integrity of its assets, the enterprise has up to two kinds of security policies: discretionary and mandatory. The discretionary security policies vary by asset and identify specific users or groups of users that are granted or denied specific kinds of access (e.g., read, write) to which assets. The mandatory policies are fixed by the enterprise and generally are not up to the discretion of users. Additionally, each enterprise has an availability policy that describes the potential loss should specific assets become unavailable to users who need them.
Discretionary Access Control (DAC) Policy
The DAC policy defines which users are authorized access to each specific named asset. Each asset has a defined list of users who are authorized to access the asset. Each such list describes the type of authorized access, and this can include "read", "write", "execute" or "control" (the ability to grant other users access to the asset). Note that these lists represent the intended protections for each asset. Whether or not the assets on components are actually protected per the intended protections depends on a variety of player choices, including the use of operating systems that enforce DAC policies (e.g., via access control lists).

The lists that define the intended DAC protections for each asset can identify individual users and/or groups of users. Each enterprise includes a number of named groups of users. For example, some scenarios might include an "engineering" group or an "accounting" group. Each user is a member of one or more groups. The player can examine users via the User screen in order to determine which groups they belong to. Note that users of different groups can be subject to different degrees of background checks.

The player can view the intended discretionary protections for each asset via the Asset screen. These intended protections are presented to the player as lists of permitted or denied forms of access. For example, one list entry might specify that anyone in the engineering group is intended to have both read and write access to an asset. Another entry might specify that a user named Mary should have no access to the asset.

If an asset's intended discretionary protections are compromised, the enterprise suffers a loss that depends in part on who compromised the asset. For example, if an asset that is intended to be read only by an "engineering" group is in fact read by the "marketing" group, the cost to the enterprise could be greater than if the asset were read by the "human resources" group. The costs associated with compromises to the intended discretionary protections of an asset can be seen by viewing the attributes of that asset.
Mandatory Access Control (MAC) Policy
Some scenario enterprises have a MAC policy that constrains user access to different kinds of information, as opposed to specific named assets. These policies are defined in terms of secrecy and integrity labels that are assigned to assets and users. The player can view the mandatory policy via the briefing screen. The mandatory policies are expressed as relationships between labels. For example, a mandatory secrecy policy might be: only users having a "Proprietary" clearance can view proprietary assets. An integrity policy might be: only users with an "Accounting" clearance are permitted to modify the authoritative accounting information.

If an asset's intended mandatory secrecy or integrity protections are compromised, the enterprise suffers a loss defined for the specific secrecy or integrity label within the briefing screen. An attacker's motive to compromise assets of a given mandatory secrecy or integrity label is also described in the briefing screen. The player can view the secrecy and integrity clearances of users via the User screen. The player can view the secrecy and integrity labels associated with assets via the Asset screen. Note that different secrecy and integrity clearances can be subject to different degrees of background checks.
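
The intended DAC lists and the MAC label rules described in the two sections above can be written as a small policy check that audits observed accesses against both. This is an added example, not code from the game or its documentation; the deny-overrides rule, the mapping of secrecy labels to reads and integrity labels to writes, and every name except Mary and the group and clearance names quoted above are assumptions.

```python
from dataclasses import dataclass, field

ALL = frozenset({"read", "write", "execute", "control"})  # access types named on the page

@dataclass
class User:
    name: str
    groups: set
    secrecy: set = field(default_factory=set)    # secrecy clearances held
    integrity: set = field(default_factory=set)  # integrity clearances held

@dataclass
class Asset:
    acl: list              # intended DAC list: (subject, access types, allow?) entries
    secrecy: str = None    # mandatory secrecy label, if any
    integrity: str = None  # mandatory integrity label, if any

def dac_allows(user, asset, mode):
    # Assumption: a matching deny entry overrides any grant; no matching entry means no access.
    subjects = {"user:" + user.name} | {"group:" + g for g in user.groups}
    hits = [allow for subj, modes, allow in asset.acl if subj in subjects and mode in modes]
    return bool(hits) and all(hits)

def mac_allows(user, asset, mode):
    # Assumption: reading needs the asset's secrecy label, modifying needs its integrity label.
    need = {"read": (asset.secrecy, user.secrecy), "write": (asset.integrity, user.integrity)}
    label, held = need.get(mode, (None, ()))
    return label is None or label in held

def audit(observed, users, assets):
    # Report every observed access that falls outside the intended DAC or MAC policy.
    findings = []
    for uname, aname, mode in observed:
        u, a = users[uname], assets[aname]
        checks = (("DAC", dac_allows(u, a, mode)), ("MAC", mac_allows(u, a, mode)))
        broken = "+".join(name for name, ok in checks if not ok)
        if broken:
            findings.append((uname, aname, mode, broken))
    return findings

# Constructed sample data (user names other than Mary, asset names and accesses are invented).
USERS = {u.name: u for u in [
    User("Alice", {"engineering"}, {"Proprietary"}), User("Mary", {"engineering"}, {"Proprietary"}),
    User("Bob", {"marketing"}), User("Carol", {"accounting"}, integrity={"Accounting"}),
    User("Dave", {"accounting"})]}
ASSETS = {
    "design": Asset([("group:engineering", {"read", "write"}, True), ("user:Mary", ALL, False)], "Proprietary"),
    "ledger": Asset([("group:accounting", {"read", "write"}, True)], integrity="Accounting")}
OBSERVED = [("Alice", "design", "read"), ("Mary", "design", "read"), ("Bob", "design", "read"),
            ("Carol", "ledger", "write"), ("Dave", "ledger", "write")]
```

Calling `audit(OBSERVED, USERS, ASSETS)` shows that the two policies fail independently: Mary holds the right clearance but is denied by name, while Dave is in the right group but lacks the integrity clearance.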
Availability Policy
In addition to the secrecy and integrity policy enforcement defined by the enterprise's MAC and DAC policies, enterprise assets also have an availability policy. Each asset has an associated cost that the enterprise suffers if the asset is not available to the users that need to access it. Each asset also has an associated value reflecting an attacker's motive to make the asset unavailable. Also, different users have different needs to access different assets, defined as the user's goals. If a user cannot access assets necessary to achieve the user's goals, the enterprise incurs costs resulting from lost productivity.