Board of Directors Room
OpenSecurityArchitecture (OSA) distills the know-how of the security architecture community and provides readily usable patterns for your application. This is a free framework, developed and owned by the community.
Click on controls in the diagram to view details. Download SVG
When to Use
Easy to use but highly secure. Documents can be read on any un-trusted computer, it is assumed a Trojan Horse is present on the computer where the documents are read. Documents are also encrypted when downloaded to the USB stick.
When NOT to Use
It is not an Ad-hoc solution, a USB stick is delivered to the users in the setup phase. The solution is practical only for a small number of users.
Threat Resistance
The solution is resistance against generic Trojan Horse on the un-trusted computer where the Board of Directors read the documents. "Board of Directors Room" application is secured against any web application threats according to OWASP. A number of residual risks remain with this pattern:
- A board member taking screenshots and printing/mailing/saving the screenshots
- A board member handing the secure device to other persons
- A specific Trojan Horse attacking this specific device (USB stick with hardened browser)
Assumptions
Only small user base – 10-30 users expected. The computers of the Board Secretaries where the documents are created are secure.
Mapped Controls (17)
- AC-01 Access Control Policies and Procedures
- AC-02 Account Management
- AC-03 Access Enforcement
- AC-20 Use Of External Information Systems
- AU-03 Content Of Audit Records
- AU-08 Time Stamps
- AU-09 Protection Of Audit Information
- AU-10 Non-Repudiation
- AU-11 Audit Record Retention
- IA-02 User Identification And Authentication
- IA-04 Identifier Management
- IA-05 Authenticator Management
- IA-07 Cryptographic Module Authentication
- SC-08 Transmission Integrity
- SC-09 Transmission Confidentiality
- SC-12 Cryptographic Key Establishment And Management
- SC-17 Public Key Infrastructure Certificates