Valdes
Asked: 2023-01-23T05:52:14-05:00 In:

SECURITY ASSESSMENT & TESTING

Business Case: Local airport

The parameters.

15,000 passengers a day

530 flights daily  

350 fulltime employees

There are three databases in the Airport’s data center.

1-Passenger database to record and authenticate each passenger in the airport

2-Employee database to record and authenticate each employee in the airport

3-Flight database to record each flight in the airport

Every day the following processes must be done:

Process 1:  For each passenger: a Boarding Pass will be calculated, prepared, and stored. The final version of the boarding pass will be printed on the printers at the airport

Process 2: For each aircraft; Flight logs along with the passenger checklist will be prepared and stored.

Process 3: One-week old Passenger and Flight data will be stored in long-term storage (archive)

Question 1 Identify cyber assets based on the NIST definition in the given Local airport business case. List the cyber assets.

Question 2 What are the steps that you would follow to fulfill the requirement of the NIST Risk Management Framework for the Airport? Write each step

Question 3 Do your search and find common cybersecurity threats in aviation.  And prepare your Risk Assessment Report (RAR) Based on the following threat sources

  • Adversarial
  • Structural
  • Environmental

Question 4 List the Risk Treatment Alternatives you would consider for each cybersecurity threat for the Airport.

Computer Science
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Best Answer
    Master

    Answer 1: The cyber assets in the given local airport business case are: 1- Passenger database 2- Employee database 3- Flight database

    Answer 2: Step 1: Identify the assets, their value and the potential risks to them. Step 2: Identify the threats to those assets and the likelihood of them occurring. Step 3: Evaluate the vulnerabilities of the assets and the impact of the threats on those assets. Step 4: Determine the risk level for each threat-vulnerability pair. Step 5: Implement risk mitigating controls or countermeasures for the assets. Step 6: Continuously monitor and assess the effectiveness of the implemented controls. Step 7: Plan for incident response and recovery.

    Answer 3:

    • Adversarial Threats:
      • Phishing attacks targeting employees and passengers
      • Advanced persistent threat (APT) attacks targeting the airport’s data center
      • Malware infections on airport systems and devices
    • Structural Threats:
      • Power outages or natural disasters
      • Failure of critical systems or equipment
    • Environmental Threats:
      • Temperature and humidity fluctuations in the data center
      • Airborne contaminants or dust that can damage systems and equipment

    Answer 4:

    • Adversarial Threats:
      • Implementing employee awareness and training programs
      • Implementing multi-factor authentication
      • Implementing intrusion detection and prevention systems
    • Structural Threats:
      • Implementing redundant systems and equipment
      • Conducting regular disaster recovery drills
    • Environmental Threats:
      • Implementing temperature and humidity controls in the data center
      • Implementing regular cleaning and maintenance schedule for systems and equipment
    • Implementing regular security audits and penetration testing.
    • Implementing incident response and recovery plan.
    • Implementing encryption of sensitive data.
    • Implementing regular software updates and patch management.
    • Implementing network segmentation.
    • Implementing access controls.
    • Implementing monitoring and logging.
    • Implementing backups and disaster recovery.
    • 0