User Account

All Pages

Why threat modeling important tool for security practitioner

Assignment Help Management Information Sys
Reference no: EM133823593

Homework: Introduction to Threat Modeling

Overview

Threat modeling is an important process to help identify deficiencies in systems that are meant to keep assets secure. Using a threat model while summarizing the attack provides an industry-vetted model that allows for easy identification of incidents versus threats. Every cyber incident can be depicted in threat modeling scenarios, which provides an industry standard to communicate the characteristics of any threat. Threat modeling is an important practice for cybersecurity analysts because they must compare different forms of threats to identify common characteristics and build the most secure defense against threats. This activity will draw on important fundamentals we have explored previously, like the confidentiality, integrity, and availability (CIA) triad and adversarial mindset.

This activity relates directly to the final project, where you will be required to complete a threat model for your project scenario. Take advantage of feedback on this homework to prepare you for your final project submission in Module Seven.

Prompt

Analyze the three breach case studies found in the three articles that are linked in the Reading and Resources section of Module Three of your course. Use this information to fill out the template and address the critical elements listed below.

I. Threat Modeling

A. To complete this homework, first download the Module Three Stepping Stone One Template provided in the What to Submit section. Identify the elements of the threat model by filling in the template for the case studies below.

a. Complete column for Target Breachthoroughly and accurately.
b. Complete column for Sony Breachthoroughly and accurately.
c. Complete column for OPM Breachthoroughly and accurately.

II. Incident Analysis

Select one of the incidents from the table and analyze the following information:

A. Which of the CIA triad is most applicable to the "Action" category of the selected incident? Explain your answer.

B. How can you use an adversarial mindset in analyzing the "Attackers" and "Objective" to inform the response to the attack?

C. Imagine you worked for the organization in the chosen incident and had used a threat model proactively. What changes could you have made to the organization to avoid the incident?

III. Threat Modeling Extension

A. Defend the need for performing threat modeling. How would you convince your supervisor that threat modeling is worth the time and resources needed to complete it?

a. Why is threat modeling an important tool for a security practitioner?
b. What organizational advantages beyond security controls might arise from this threat modeling exercise?

B. How does threat modeling differ between roles in IT (for example, testers-data mutations; designers-analyzing threats; developers-tracking data flow)?

Reference no: EM133823593

Questions Cloud

Throughout your professional career : Throughout your professional career, you may be called upon to submit a video resume for a new job.
Seeking confirmation of draft performance standards : Write an email to the NATIONAL SALES MANAGER and CEO, seeking confirmation of draft Performance Standards and KPI's in your proposed Work Plan.
Discuss the three major technologies : Discuss the three major technologies that automate the supply chain procurement process. Examples could be but are not limited to the internet.
Discuss options of achieving long-term goals : Organizational members are meeting to brainstorm a new concept for their future and discuss options of achieving long-term goals.
Why threat modeling important tool for security practitioner : Why is threat modeling important tool for security practitioner? What organizational advantage beyond security control might arise from threat modeling exercise
Platforms to enhance trustworthiness in online presence : How can they leverage current digital tools and platforms to enhance trustworthiness in their online presence?
Your employees are having trouble adjusting : The change has gone more smoothly than expected, but three of your employees are having trouble adjusting.
Survive in environment case select strategy : There are two types of life strategies used by organism to survive in the environment case select strategy and our select strategy
Is employee burnout and employee engagement impacted : Is employee burnout and employee engagement impacted by a leader who does not appear interested or involved?

Reviews

Write a Review

Management Information Sys Questions & Answers

  Information technology and the changing fabric

Illustrations of concepts from organizational structure, organizational power and politics and organizational culture.

  Case study: software-as-a-service goes mainstream

Explain the questions based on case study. case study - salesforce.com: software-as-a-service goes mainstream

  Research proposal on cloud computing

The usage and influence of outsourcing and cloud computing on Management Information Systems is the proposed topic of the research project.

  Host an e-commerce site for a small start-up company

This paper will help develop internet skills in commercial services for hosting an e-commerce site for a small start-up company.

  How are internet technologies affecting the structure

How are Internet technologies affecting the structure and work roles of modern organizations?

  Segregation of duties in the personal computing environment

Why is inadequate segregation of duties a problem in the personal computing environment?

  Social media strategy implementation and evaluation

Social media strategy implementation and evaluation

  Problems in the personal computing environment

What is the basic purpose behind segregation of duties a problem in the personal computing environment?

  Role of it/is in an organisation

Prepare a presentation on Information Systems and Organizational changes

  Perky pies

Information systems to adequately manage supply both up and down stream.

  Mark the equilibrium price and quantity

The demand schedule for computer chips.

  Visit and analyze the company-specific web-site

Visit and analyze the Company-specific web-site with respect to E-Commerce issues

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +91-977-207-8620

Phone: +91-977-207-8620

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd