Qantas COMP1300 PDF

Preview

Summary

qantas...

Description

●

Use the Principles of Least Privilege (PoLP), which enforces that employees only have the minimum clearance required to complete their tasks ○ For example flight attendants don’t need to be able to read customers payment information to check them in, so they should not have access to it ○ By adhering to PoLP policy it lowers the risk of attackers gaining access to Qantas vital data through lower level accounts

●

If a staff member leaves qantas or moves internally update their accounts privileges immediately. ○ If they leave revoke all privileges, if they move internally then update their privileges to be inline with the PoLP

●

Train staff to recognise different types of cyber attacks and how they should report one

●

Train staff in the importance of password security, and how to craft a unique password

●

Train staff to not open files from unknown sources

●

Train staff how to use Qantas software

●

Train staff in the appropriate use of Qantas networks and devices

●

Identify what devices are used on the network

●

Define the configuration guidelines for the devices. Including what secure connections the device needs and how security on the devices should be managed

●

Decide how often the devices should be checked to ensure they are up to date with Qantas policy ○ If a device is found to be operating outside the defined policy then either it has to be fixed or an exemption needs to be granted

●

Prepare for an attack by analyzing the importance, location and sensitivity of all data, check cyber policies are up to date with regulatory bodies and perform regular backups to allow for a full system restore

●

Use proactive tools to detect software that shouldn’t be on the system

●

In order to respond to an attack the infected system should be isolated and restored to a pre-incident state using backups

●

To recover from the attack the security fault that enabled the attack should be fixed, an incident response report should be created and any stakeholders should be alerted of the breach

Control Access based on least privilege and maintain the user access accounts

Conduct cybersecurity education and awareness activities

Manage technology changes and use standardized secure configurations

Establish an incident response plan

Fairhead, Jaiden (46963413); Kortbawi, Eliah (46965513); Harb, Nina (46395458)

2016. IT Access Control and User Access Management Policy. [ebook] Grande Prairie Regional College. Available at: https://www.gprc.ab.ca/about/administration/policies/fetch.php?ID=320. [Accessed 11 March 2021]. Beyondtrust.com. February 19th, 2021. What Is Least Privilege & Why Do You Need It? | BeyondTrust. [online] Available at: https://www.beyondtrust.com/blog/entry/what-is-leastprivilege. [Accessed 11 March 2021]. GDPR Associates. 2019. Data Protection and how to prevent Data Breaches. [online] Available at: https://www.gdpr.associates/data-breach-prevention. [Accessed 11 March 2021]. Infocyte. 2021. Incident Response Planning: A Checklist for Building Your Cyber Security Incident Response Plan - Infocyte. [online] Available at: https://www.infocyte.com/blog/2019/11/07/incident-response-planning-a-checklist-for-buildingyour-cyber-security-incident-response-plan [Accessed 11 March 2021]. Jackson, B., 2018. Why Security Configuration Management (SCM) Matters. [online] The State of Security. Available at: https://www.tripwire.com/state-of-security/featured/why-securityconfiguration-management-matters. [Accessed 11 March 2021].

Fairhead, Jaiden (46963413); Kortbawi, Eliah (46965513); Harb, Nina (46395458)...