We use many different types of risk management methodologies and tools. Part of the process involves identifying the threats to our system, generally from attackers who would harm our systems and data (assets). I’ve included a project that walks you through a simple threat modeling exercise using STRIDE, which you will apply to a scenario to understand the basic process.

1. Read the threat modeling article using STRIDE located at https://www.webtrends.com/blog/2015/04/threat-modeling-with-stride/ and complete a threat model and risk management plan.
2. Read the attached Project description. You will create a report for your “boss” identifying the threats to your systems/assets in the scenario, who the attackers are, how they will attack (using STRIDE), and will make recommendations for security controls (use your textbook, too).

A section titled Attacker Viewpoint discussing framing the threat from the mindset of the perceived attacker. Address the following questions: 5 points.

Who is likely to attack the system?

What are they likely to attack to accomplish their goal?

A section titled Asset Viewpoint discussing the organization’s assets from the information provided in the scenario, above. Be sure to also address the following questions (I recommend placing this in a table). 15 points

What is the asset?

What value does the asset have to the organization?

How might that asset be exploited by an attacker?

A section, titled STRIDE, that will identify the following security threats for six different categories, as discussed in the article in the Web reference you were asked to read, as they apply to this scenario. Include the following: 60 points

Spoofing – address any spoofing threats that might be present in the applications or systems. Include the ramifications (impact) of a spoofing attack.

Tampering – address any data or databases that might be subject to data tampering (applications, for instance, that might be vulnerable to cross site scripting attacks or SQL injection in the healthcare organization scenario, above).

Repudiation – address where repudiation attacks might be possible in the organization.

Information disclosure – address where there may be the likelihood for a data breach in the organization’s assets listed in the scenario that would allow the attacker to access private information (or, worse, patient health information). Discuss the laws and regulations that would be impacted and the ramifications (impact and penalties) that would be incurred by this organization in that event.

Denial of Service – discuss the potential for service interruptions for those systems or applications connected to the Internet. Which systems are vulnerable? What would be the impact to the organization for each connected system, if it were to be unavailable?

Elevation of Privilege – discuss the systems and applications that might be subject to an attacker elevating his privilege levels (think of a patient database – what would happen if the attacker was able to gain Administrator access to the database?).

A section, titled Risk Mitigation Plan, that summarizes your findings for the boss and discusses the security controls that you recommend for each of the potential attacks that you have identified. This can be summarized using the table I’ve provided for you below for each of your threats. Remember to assign the implementation of the recommended security control to a role within the organization (you can use a generic role, such as System Administrator, Database Admin, Security Officer, etc. – your textbook and other supplemental readings listed different organizational roles responsible for managing risk). 20 points
You can see here 100 points divided into 4 sections.
 