UCTrust Risk Analysis

(DRAFT - 12/2/2004)


The following is an analysis of potential risks associated with UCTrust, in particular with respect to UC's employee self-service applications, UC For Yourself (UCFY) and Your Benefits Online (YBO).

UCFY and YBO manage extensive information about all of UC's employees.  Much of that information is defined to be sensitive by Business and Finance Bulletin IS-3: Electronic Information Security, as well as being covered under recent California privacy laws, such as SB 1386.  YBO also provides access to employees' retirement accounts and other benefits.  [Insert statistics on size of employee accounts, etc. here.]


| Vulnerability | Risk | Mitigation |
|---|---|---|
| Identification | | |
| Employee provides false credentials during hiring. | Low | None required. Current federal legal requirements provide sufficient controls. |
| Loss of synchronization between campus identity repository and Payroll. | Low | Ensure that campus procedures include controls to prevent / detect this. |
| Registration | | |
| False credentials (i.e., someone else's credentials) are provided during registration. | Low | Ensure that campus procedures include sufficient controls to prevent / detect this. (E.g., include a confirmation step that verifies remote registration, or do registration in person using a picture ID.) |
| Issuance of user name and password (or certificate, token, etc.) allows interception by a third party or spoofing of the campus ID management system. | Low | Ensure that campus technology and procedures include controls to prevent this. |
| "Legacy" employees have logins but have not passed current registration requirements. | High | Ensure that campus practice re-registers such employees before allowing access to UCTrust resources. |
| Authentication | | |
| The exchange of user name and password (or certificate, token, etc.) allows interception by a third party. | Low | Ensure that campus technology and procedures include controls to prevent this. Educate users to guard against visible access to passwords, etc. during authentication. |
| Employee's password is "guessed." | Medium | Ensure that campus technology and procedures disallow the use of easily-guessed passwords. (Current risk is probably low, due to existing campus technology and procedures.) |
| Employee leaves a session unattended and someone else uses that session. | Medium | Ensure that campuses and services implement session timeouts to minimize the window during which this can happen without causing inappropriate inconvenience for valid users. Consider the use of system-locking tokens for high security applications. |
| General | | |
| Unauthorized release of campus identity information. | Low | Ensure that identity management systems comply with IS-3 and other University policies for restricted resources. |
| Failure of the identity management infrastructure. | Low | Ensure that identity management systems comply with IS-3 and other University policies for essential resources. |
| Employee shares password (or private key, token, etc.) with others or records it in an insufficiently-protected location. | Medium | Ensure that campus policies disallow this and place responsibility on the employee. Educate users on the importance of this. Educate technologists on strategies for eliminating the need for sharing passwords in operational systems. |