Agent SureFire InfoSec Game
1
ISE 510 Security Risk Analysis & Plan
Week 3 HW 3-1 Video Game: Agent Surefire: InfoSec
30 points
<Last Name, First Name>
Due <DATE>
Submitted on <DATE>
If late let me know why:
=====================================
Delete these instructions in blue font before submission:
Change file name to HW#3_LAST_FIRST
A few comments up front:
-- The GAME instructions say to FIND the MOLE - - but you don't have too -- you just need to correctly categorize and document 7 vulnerabilities.
-- It takes about 45 minutes to 90 minutes.
-- The original purpose of this game play is to discover vulnerabilities that you can use for your final project. However, because the Game is very challenging, you will be provided a more definitive breach description.
-- You might want to watch this quick video, as an exciting introduction, before you start:
https://www.youtube.com/watch?v=x9vsofVgm5I
-- It is highly recommended that you read the Help Menu, once inside the game, for more details.
After navigating to the Jones and Bartlett Learning website that accompanies ISE 510, please start the GAME: Agent SureFire. Use the HELP feature to learn about the objective of the GAME and how to navigate and collect points for uncovering vulnerabilities.
After that, please write down a few sentences about each of the 7 (minimum) vulnerabilities. There are 10 Vulnerably Categorifies, see Appendix for a full list. Questions 3, 7 and 9 are mandatory; otherwise you can stop after completing 7 . Completing 7 vulnerabilities equals 100% score for this HW activity – you are welcome to do more than 7. If you have questions, please don’t hesitate to ask!
1) (vulnerability category #1). Cabinet and drawers left unlocked and/or their keys unsecured (even if they are empty). What example of this vulnerability category did you find?
2) (vulnerability category #2). Documents and media containing business information left unconcealed and/or unsecured.
What example of this vulnerability category did you find?
3) (Mandatory - vulnerability category #3). Documents or media with employee, client or partner information left unconcealed and unsecured.
What example of this vulnerability category did you find?
Give details: Which workstation did you find it? Can you identify the person the desk belongs to? What could be done to prevent this?
4) (vulnerability category #4). Improper disposal of documents containing sensitive information.
What example of this vulnerability category did you find?
5) (vulnerability category #5). Leaving the computer terminals or password-protected software running and unlocked.
What example of this vulnerability category did you find?
6) (vulnerability category #6). Leaving password protected software and running and unlocked
What example of this vulnerability category did you find?
7) (Mandatory - vulnerability category #7). Unconcealed PIN numbers and passwords
What example of this vulnerability category did you find?
Give details: Which workstation did you find it? Can you identify the person the desk belongs to? What could be done to prevent this?
8) (vulnerability category #8). Using predictable PIN numbers to access Voicemail
What example of this vulnerability category did you find?
9) (Mandatory - vulnerability category #9). Portable hardware left unattended, which if stolen would result in material, financial and strategic losses
What example of this vulnerability category did you find?
Give details: Which workstation did you find it? Can you identify the person the desk belongs to? What could be done to prevent this?
10) (vulnerability category #10). Possession and/or use of software and/or storage media that management deems illegal and unsafe.
What example of this vulnerability category did you find?
Appendix - Violation Category from the InfoSec Game