e-Recording Security Part 2: Security Risks
A risk is the undesired consequence that occurs when a threat successfully attacks or exploits a vulnerability. It has two components: the likelihood that the consequence will occur, and the impact of the consequence.
In e-Recording Security Part 1: Threats, Vulnerabilities & Risks, we discussed the active threats and vulnerabilities that apply to electronically publishing documents. Among threats, internet-based attacks and insider threats are continually the most frequently rated risks with high combinations of likelihood and impact. Among vulnerabilities, inadequate network security, poor authentication, and untrusted and uneducated employees continue to rank high as risk concerns.
RISK CATEGORIES
Risk categories have been organized to identify similar and/or repetitive elements. Categories include:
- Unintended or Misuse of Access: poor authentication, insider threats, insecure test environment, etc.
- Introduction of Malicious Code or Software: backdoor access, introduction of viruses, etc.
- Corruption of Data: manipulation of data (intentional or inadvertent), receiving incorrect data, etc.
- Recovery Issues: poor back-up procedures, catastrophic events, etc.
RISK RATINGS
Self-assessment tools should be used regularly to determine the specific levels of risk faced by each agency. Risk ratings use a scale of 1 = low, 2 = medium, and 3 = high to rate the impact and likelihood of various combinations of threats, vulnerabilities and risks. Assessments can also be used to identify other areas that need to be addressed in your specific environment.
RISK MITIGATION RECOMMENDATIONS
Unintended or Misuse of Access risks stem from poor authentication, insider threats and insecure test environments.
Authentication: strong authentication practices should define the acceptable identity credentials or account access information that authorized individuals use, and that system admins can use to verify that a user is authorized for system access (e.g. challenge questions, random one-time passwords, user ID and password combinations, etc.). Although multiple factors are preferred for strong authentication, a hybrid method should be used to gain acceptance as a strong form of authentication.
Insider Threats: two effective strategies include employee screening and network intelligence software. Because land records are public, their data sensitivity is often underestimated, so it is critical to keep a watchful eye for sensitive information. Database manipulation, whether intended to modify content/context or simply to vandalize, is another serious concern for insider threats.
Insecure Test Environment: test environments that are not properly established or maintained can lead to various forms of attacks. In order to reduce risks in this area, access controls, segregation of test systems from production systems and the use of sample data rather than live data could be implemented.
Malicious Code or Software can be introduced to a system by a simple “social engineering” attack where a user is tricked into accepting a virus while believing the action is benign. Proper use of admin controls can help reduce/eliminate this risk. Since these threats are continuously evolving, it is important to update processes on a regular basis. Sorting incoming files by file type (e.g. TIFF, PDF, etc.) can provide an opportunity to review unrecognized/potentially harmful files before they enter your system.
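The file-type sorting step described above, sketched in Python as an added example (not code from the original article). It checks each file's leading bytes rather than trusting the file name; the accepted extensions, verdict strings and sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Leading-byte signatures for the two formats the article names.
SIGNATURES = {
    "tiff": (b"II*\x00", b"MM\x00*"),  # little-endian / big-endian TIFF
    "pdf": (b"%PDF-",),
}
# Extensions accepted for each detected type (assumed intake policy).
EXTENSIONS = {"tiff": {".tif", ".tiff"}, "pdf": {".pdf"}}

def detect_type(header: bytes):
    """Return 'tiff', 'pdf' or None from the leading bytes, not the name."""
    for kind, magics in SIGNATURES.items():
        if any(header.startswith(m) for m in magics):
            return kind
    return None

def triage(path: Path) -> str:
    """Classify one submission as 'accept:<type>' or 'review:<reason>'."""
    with path.open("rb") as fh:
        header = fh.read(8)
    kind = detect_type(header)
    if kind is None:
        return "review:unrecognized-content"
    if path.suffix.lower() not in EXTENSIONS[kind]:
        return f"review:extension-mismatch({kind})"
    return f"accept:{kind}"

def demo() -> dict:
    """Run triage over constructed sample files; return name -> verdict."""
    samples = {  # constructed sample content, not real submissions
        "deed.pdf": b"%PDF-1.7\n%...",
        "plat.tif": b"II*\x00\x08\x00\x00\x00",
        "lien.tiff": b"MM\x00*\x00\x00\x00\x08",
        "mortgage.pdf": b"MZ\x90\x00\x03\x00",  # executable header, PDF name
        "release.tif": b"%PDF-1.4\n",           # PDF content, TIFF name
        "notes.txt": b"plain text",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            p = Path(tmp) / name
            p.write_bytes(data)
            results[name] = triage(p)
    return results

if __name__ == "__main__":
    print("\n".join(f"{n:14} {v}" for n, v in demo().items()))
```

A matching signature only sorts a file into the expected queue; it does not show that the file is harmless.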
Corruption of Data includes both intentional manipulation and accidental corruption due to storage media failure. Precautionary measures include monitoring access controls and activity audits, limiting the number of parties with writable access, and scheduling periodic quality assurance reviews of back-up and live data to ensure reliability of storage media.
Recovery Issues can include a limitless scope of precautionary measures in order to minimize this risk. A plan that includes the assets of an organization, the location of those assets and the back-up/storage procedures used in regular operations is helpful in assessing a recovery plan. It is also critical to test the plan in a limited-scale test environment before finalizing the recovery procedure to ensure success.