Procedural Security
Limit types of assets accessed via specific components
User password policies
Use of applications
User Management of Component

The player has the ability to instruct users to behave in specified ways, providing a more secure environment for protecting the enterprise assets and enforcing the security policy.  For example, users can be instructed to routinely change their passwords.  The effectiveness of these instructions will depend in part on the attitude of the users and the degree of training provided to them.  Within the game, the procedural security choices are defined as instructions to users.  Players can also make choices to configure components in ways that automatically constrain users.  For example, a component can be configured to automatically require a user to periodically select a new password.  These choices differ from procedural security choices; they are referred to as "component configuration" choices and are described within components.

Procedural security

The player has a wide range of procedural security choices.  In some scenarios, it may be useful to define different procedures for different components.  Each component has its own set of associated procedural security choices that can be viewed and selected via the Procedural Settings Box from the Component Tab.  Additionally, for convenience, players can define the default procedural settings for a given zone, and all components introduced into that zone will inherit the default procedural settings.  Players can then change the procedural settings of any given component, and can copy the settings from one component to another.  Users will behave based on the procedural choices associated with the components with which they are interacting.

Procedural security choices fall into a small number of broad categories:

Limit what kinds of assets are accessed via the component

Allocated Security Labels
Constraints on the security labels of assets that are to be created on a given component.  The intent is to allocate assets having certain security labels to one or more specific components.  When a user creates an asset (e.g., to achieve a goal), if the asset has a label, these values constrain which component will contain the asset.  If no component's range includes the label, the asset could be created on any component that has no defined range.  However, if any component's range includes the label, then the asset will only be created on such a component.  Of course, the player always has the option to manually assign the asset to a component.

Maximum Secrecy Label
Don't use the component to store assets other than those that can be viewed by someone with this secrecy clearance in accordance with the mandatory security policy.  This is intended to keep high secrecy assets off components that could be accessed by users who lack the necessary clearance.
Minimum Secrecy Label
Don't use the component to create and manage assets that could be viewed by someone who does not have at least this secrecy clearance.  The component may be used to access such assets.  This is intended to keep authoritative copies of low secrecy assets off components that can't be accessed by users who might need to access the low secrecy assets.
Maximum Integrity Label
Don't use the component to store assets other than those that can be modified by someone with this integrity clearance in accordance with the mandatory integrity policy.  This is intended to keep high integrity data off components that might be accessed by users who lack the necessary integrity clearance.
Minimum Integrity Label
Don't use the component to create and manage assets that could be modified by someone who does not have at least this integrity clearance.  The component may be used to access such assets.  This is intended to keep authoritative copies of low integrity assets off components that can't be accessed by users who might need to modify the low integrity assets.

Access Lists
Don't use the component to store assets other than those that can be accessed by these named users in the specified modes.  For example, an access list might specify the component is to be used to access assets that can only be read by the "Accounting" group.
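The allocation rule for Allocated Security Labels (components with label ranges take priority; otherwise the asset may land on any component with no defined range) worked through as added Python example code, not part of the game's documentation or implementation; the level names, component names and helper functions are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed, ordered label lattices (hypothetical names, lowest first).
SECRECY = ["Unclassified", "Confidential", "Secret", "Top Secret"]
INTEGRITY = ["Low", "Medium", "High"]

@dataclass(frozen=True)
class Label:
    secrecy: str
    integrity: str

@dataclass
class Component:
    name: str
    # (minimum, maximum) from the Allocated Security Labels choice, or None
    # when the player defined no range for that dimension.
    secrecy_range: Optional[Tuple[str, str]] = None
    integrity_range: Optional[Tuple[str, str]] = None

    def has_range(self) -> bool:
        return self.secrecy_range is not None or self.integrity_range is not None

    def accepts(self, label: Label) -> bool:
        """True when every range the player defined includes the label."""
        for level, rng, order in ((label.secrecy, self.secrecy_range, SECRECY),
                                  (label.integrity, self.integrity_range, INTEGRITY)):
            if rng is None:
                continue
            lo, hi = rng
            if not order.index(lo) <= order.index(level) <= order.index(hi):
                return False
        return True

def eligible_components(components: List[Component], label: Label) -> List[str]:
    """Components on which a newly created asset carrying `label` may land:
    components whose ranges include the label if any exist, otherwise every
    component with no defined range (so define ranges on all asset-bearing
    components, or a high-secrecy asset may fall through to an unranged one)."""
    ranged = [c.name for c in components if c.has_range() and c.accepts(label)]
    return ranged or [c.name for c in components if not c.has_range()]

# Constructed scenario: a low-side workstation, a high-side server, and a
# kiosk for which the player set no range at all.
COMPONENTS = [
    Component("Accounting-WS", secrecy_range=("Unclassified", "Confidential")),
    Component("Secret-Server", secrecy_range=("Secret", "Top Secret"),
              integrity_range=("Medium", "High")),
    Component("Lobby-Kiosk"),
]
```

Note the third case in the checks: a Secret asset with Low integrity matches neither ranged component and therefore falls through to the unranged kiosk, which is exactly the situation the Maximum Secrecy Label choice exists to prevent.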

Component Password Policies

Don't write down passwords
Do not write down passwords used to access this component in places that might be viewed by other users.
Logoff or screen lock workstations
Do not walk away from a workstation without first logging off or engaging a screen lock.
Password length
The length of passwords that users select to use on this component.  The value can be "long", "medium", or "short".
Password character set
The complexity of passwords that users select to use on this component.  The value can be "any", "moderate", or "complex".
Password change frequency
How often users will change the passwords used to access this component.  The value can be "never", "twelve months", "six months", or "two months".

Constraints on Use of the Component

Beware of email attachments
Instruct users not to open email attachments that can potentially propagate malicious software.  Some email attachment types are obviously executable, such as ".exe", and these should not be opened unless they are expected and known to be free of malicious software.  Other attachment types are less obvious, such as ".pif" or ".vb", and should be treated as ".exe" files are.  Some extensions are usually harmless because their content is unlikely to subvert the application used to view the file; these include ".txt".  Some document types, such as "Word" documents (".doc"), can potentially execute macros that are malicious.  However, in many organizations these documents are used extensively and thus must be opened to get work done.  The following is a list of file extensions that are potentially executable:
ade | adp | app | bas | bat | chm | cmd | com | cpl | crt | emf | exe | exe-ms | fxp | grp | hlp | hta | inf | ins | isp | js | jse | lnk | mda | mdb | mde | mdw | mdt | mdz | msc | msi | msp | mst | ops | pcd | pif | prg | reg | scr | sct | shb | shs | vb | vbe | vbs | wmf | wsc | wsf | wsh
No External Software
Don't install software yourself.  Only use that provided by the support staff.
No Web Mail
Don't use off-site web servers to access web-based mail accounts.
Protect assets with ACLs
Use ACLs to protect assets on the components.  This requires that users explicitly set and manage ACLs, particularly on shared assets.

User Management of Component

Apply patches
Apply patches to the operating system and applications as needed.
Update anti virus
Periodically update anti virus software.
Leave Machines On
Leave the component turned on so that it can be remotely administered by the support staff.
No Physical Modification
Don't make physical modifications to the component, including addition of cards to either the internal or external buses.
Backup
Back up the assets resident on this component.
No removal of media from the zone
Don't take media containing assets from this component outside of the zone.