
Case study 1

An organization has received orders from the government defense
department to design, manufacture and supply submarines to
induct into the naval defense division of its defense strength.
The submarines are highly combative defense systems with
nuclear-powered equipment. Because most of the detailed
information about how nuclear subs and naval reactors are
designed is kept classified, risk assessments are 'best guesses'
based on what can be known about existing ships and systems,
and by making comparisons with safety systems in commercial
reactors. An ARPANSA (the civil nuclear safety authority) report
obtained under the Freedom of Information Act notes that there is
uncertainty around what kind of emergency core cooling system
naval nuclear reactors have.

The way an emergency cooling system works is important to
understanding the risks of naval nuclear reactors to people and the
environment, but this information is classified.

Identify the risks associated with the manufacture of the submarine
and ways to mitigate the risks so identified.

Case study 2

India has decided to buy 20 howitzers from another country Z to
induct into its army to strengthen the defence against enemy
countries. Incidentally, it floated a global tender and received
quotations from many countries, including friendly countries and
enemy countries.
It found that the quote from country Z, one of the enemy
countries, was very competitive and attractive, and the terms and
conditions for technical and financial bids will make sure that
country Z will win the order. However, the country A grew
suspicious that country Z may be planning to sell at very cheap
rates and supply howitzers which may harm the defence system.
(This is based on past experience: the Indian Army's artillery, the
M777 ultra-lightweight howitzer, had met with an accident during
trials at the Pokhran firing range in Rajasthan. Sources in the Army
on Tuesday admitted that during a routine firing exercise the barrel
of one of the guns burst and the consequential damage to the vehicle
carrying the howitzers was substantial.)

It has given an order to a consultant to study the risks involved
and whether these risks can be countered by technology and
customization and still go for the purchase of these howitzers from
country Z. You are the consultant. Identify the technical risks
involved and give a report to the technical team of the Army to take
a decision.

Case study 3

A country's premier space center has designed a rocket for a
defense-sensitive satellite to be placed in an orbit, which will have
transponders to monitor the movement of enemy troops and attack
weapons at the border of the country. The order was given to a
reputed organization and was built at a cost of 300 crores with 3
years of work. When the satellite was about to be launched, it
underwent a countdown for testing all the parameters by sensors
feeding information to the on-board computer. The count started
from 10, 9, 8, 7, 6, 5 and suddenly the computer instructed the
launch team to stop the mission, indicating there is leakage of fuel
in the rocket engines.
The mission director asked his team of scientists to advise on
whether to go ahead with the launch or drop the mission to rectify.
The design team has told the mission director that they had built in
a safety factor and that there is sufficient extra fuel that even if
the leakage happens the satellite can be launched into the decided
orbit before the rocket fails.
The mission director has summoned the risk team and asked it to list
the risks of failure and advise on the launch within the planned
time. Do an FMEA analysis and advise the director to take a decision.

Case study 4

The army has given an order for 20 spy drones to spy on enemy
movements across the border. The design of the drones involves
radio devices and fob devices. The army has given an order to a
defence manufacturing company to audit the company manufacturing
drones, radio equipment, control panels and key fob devices that
generate random cryptographic key codes. The devices are
manufactured to order for a multinational secure communications
systems provider and are shipped securely in tracked parcels
directly to their end users.

The next activity on your audit plan is the assessment of the
organization's goods in/out loading bay. Raw material
components, waste and high value assets all pass through this
area.

A review of the company's Statement of Applicability has already
shown that all Annex A control objectives and controls of the
ISO 27001 standard are justified as in-scope.
Outline in a checklist how you will perform this audit by developing
a series of ten audit checkpoints.

For each checkpoint, identify examples of the audit evidence you
would want to gather and give the appropriate ISO 27001
reference.
==================================================
Suggested typical answers

Case study 1

• What is the plan for distribution of stable iodine to communities and port workers?
• Will communities be educated to respond to accidents?
• Will communities be consulted on accident response plans?
• Wherever there is nuclear fission, there is a potential for harm to people and the
  environment.
• A core meltdown is the most serious accident in a nuclear submarine. Following an
  accident involving meltdown, dangers to people and the environment include:
  - direct gamma radiation from the vessel;
  - gamma radiation from a drifting cloud or plume of radioactivity and from material
    deposited on the ground;
  - release of fission products to seawater;
  - inhalation of airborne fission products, in particular radioactive iodine;
  - ingestion of fission products from contaminated food or water;
  - ingestion of fission products indirectly, particularly radioactive iodine in milk from
    cows grazing on contaminated pastures.
• What is the existing radiation emergency capability in current and proposed
  nuclear sub port sites?
• How will any gaps in training and capability be addressed, and funded?
• Will local health and medical services be consulted?
• How can the public verify the quality of emergency management plans and
  systems?
• How can authorities demonstrate their capacity to respond to radiation
  emergencies, and other accident scenarios?

Case study 2

• Did the change in the material, coupled with the low-temperature soak at -54° C
  (-65° F), cause a significant change in the ignition characteristics of the base pad?
• Is it possible to locally ignite the propellant directly by the primer and, thus,
  completely bypass the igniter train?
• Is it possible to ignite the ignition train or propellant with an "inverted charge"
  configuration, that is, with the charge loaded backward?
• Was the primer output altered in some way so as to be ineffective in igniting the
  black powder?
• Was the black powder used ballistically defective?
• What component of the system is capable of yielding ignition delays from 5-10 s?
• Is it possible to develop hangfires with a missing or partially empty base pad
  from the igniter train?
• Does moisture significantly affect the performance of the base pad?
• The charges were temperature-conditioned in an environmental chamber that
  used liquid CO2. Could a malfunction in the cooling system result in charges that
  are conditioned at dry-ice temperatures -78° C (-109° F)? If so, could this low
  temperature cause a malfunction in the igniter train?
• The igniter system was designed with a 7.5-cm (3 in) gap between the black
  powder base pad and center core snake. Does the confinement of the charge
  within the chamber have an effect on the ignition of the snake by the base pad?
• Due to the differences in diameters of the charge and chamber and the presence
  of the "Swiss notch," it is possible for the center of the charge to be -1.5 cm (0.6
  in) off axis from the primer "spit hole" located in the breech. In addition, charge
  design specifications allow for 1.9 cm (0.75 in) of misalignment of the NC tube with
  respect to the charge. Is it possible for misalignment to cause a hangfire in the
  igniter system?
• Is it possible to determine from an examination of the pressure-time from Rounds
  142 and 143 whether or not any or all of the igniter components functioned
  normally? What pressures should be expected from the igniter train?
• As mentioned earlier, the hypothesis up to now has been that one or more of the
  igniter elements failed to function. Previous experiments with base pad ignition
  have shown that hangfires do not occur with a functioning base pad [2]. This
  hypothesis should be reexamined, considering that the present malfunction
  occurred at -54° C (-65° F) and that a new and more durable cloth was used for the
  base pad (as well as a different primer). The question that should be asked is, "Will
  a fully loaded and operating base pad ignite the M30A1 propellant?"
• Is it possible that the black powder in the base pad sifted into an area such that
  the product of the M82 primer penetrated an empty portion of the base pad and,
  consequently, did not ignite the base pad?

Case study 3

• Space weather: Space weather could mean meteorites, solar wind, and other
  environmental factors, all of which could influence the orientation of a satellite or
  even physically impact an asset.
• Conjunctions: Space junk is the human debris and objects that remain in space but
  no longer serve a purpose. Any of these items could interfere with active satellites,
  by coming too close (conjunction) or hitting these assets. A conjunction can also be
  two operational satellites coming too close to one another.
• Anti-satellite systems: Human entities can target satellites to disrupt the service of
  a satellite. This could be done using kinetic objects, like launching something
  physical, or non-kinetic objects, such as a laser or cyber attack on the network.
• Cosmic radiation. En route to another world, astronauts will be bombarded with
  cosmic radiation: tiny, high-energy atom fragments that whiz through space and
  can damage cells and DNA. ...
• Going stir crazy.
• Space fungus.
• Microgravity.
• Cryogenic engine shut off prematurely. Another mission was aborted due to a fuel
  leak
cyber attackers with an enormous number of potential inroads for hacking. The
vast number of entry points also compounds the difficulty of tracing and shutting
down a cyber attack. The most common threats are GPS jamming, eavesdropping,
spoofing, or hijacking. Jamming is done by overpowering a signal, a receiver, or
the transmitted data; eavesdropping by encrypting the data on satellite
transmission, and hijacking by seizing the broadcast data for spoofing to harm
authenticity.

Case study 4

• Referring to appropriate plans, what risk assessment and prioritised
  treatment has been proposed for the physical protection of the loading bay?
  (6.1.2, 6.1.3, 6.2)

• How are the layers of security demonstrated in practice by physical
  perimeters to protect the loading bay? Do these match the planned
  perimeters documented in risk treatment plans and on site plans? (6.1.3, 6.2,
  A.11.1)

• What physical entry controls apply to internal and external entry points to
  the loading bay area? Do observations match the planned controls
  documented in risk treatment plans? (6.1.3, 6.2, A.11.1.2, A.11.1.6)

• Are visitors (e.g. vehicle drivers) physically segregated to avoid
  unauthorised entry to secure holding areas from where product despatch is
  managed? (A.11.1.5, A.11.1.6)

• What monitoring and measurement is applied to enable the effectiveness of
  these physical entry and perimeter controls to be evaluated? (9.1)

• The loading bay is potentially vulnerable to a range of environmental
  threats from extreme weather to damage caused by wildlife. How have
  these been considered and treated? (6.1.2, 6.1.3, 6.2)

• The loading bay has a finite capacity for throughput. How has this been
  assessed and how is it monitored? Is traffic regulated to avoid bottlenecks?
  (6.1.2, 6.1.3, 6.2, A.12.1.3, 9.1)

• The loading bay handles both products for despatch to end users and waste
  for destruction and disposal. How are these segregated to maintain the
  integrity and availability of product assets intended for despatch? (A.8.1.3,
  A.12.1.1)

• What documented information demonstrates the controlled transfer of asset
  ownership from production to despatch and to the end user? (A.8.1.1,
  A.8.1.2)

• As the products include cryptographic processing functions technically
  matched with the secure communications systems that they work with,
  their technical content is both critical and sensitive. How are these assets
  classified under the company's information classification scheme? Evidence
  of criteria. (A.8.2.1)

• What procedures apply to the handling of these assets? Does this comply
  with the classification scheme and is this matched by observations?
  (A.8.2.2)

• Are there event logs recording user activities, exceptions, faults and
  information security events for activities in the loading bay area? How are
  these logs protected? (A.12.4.1, A.12.4.2)

• What controls apply to the secure packaging and transfer of products to end
  users? (A.13.2.1)

• If the product distribution to end users involves one or more external
  service providers, what security control requirements have been contracted
  in supplier agreements? How is their performance monitored? (A.15.1.2,
  A.15.2.1)

• Cryptographic technologies are subject to regulation in some territories.
  What verification and validation is performed to ensure that relevant
  agreements, legislation and regulation are complied with? (A.18.1.5)
