1&2 in different docs with 2 references each and citation follow instructions

timer Asked: Jul 3rd, 2019
account_balance_wallet $5

Question Description

1)Description: Defense-in-Depth, an IA concept refers to multiple layers of security controls placed throughout an IT system. Post a brief summary of examples of these types of controls in action and your experience with at least one of type of control. Illustrate whether or not you believe, in your experience, this approach is effective. Be sure to indicate in what domain your example occurs:

  • User domain - any user of our systems falls in this domain, whether inside or outside our organization
  • Workstation domain - not just computers, but any device our users use
  • LAN domain - each LAN and the devices that make a LAN work
  • WAN domain - the system that links devices across long distances; typically this is the Internet which is used by most businesses
  • LAN-to-WAN domain - the infrastructure and devices that connect our organization's LANs to the WAN system
  • Remote Access domain - the technologies used by our mobile and remote users to connect to their customary resources; can include VPN solutions and encryption technology
  • System/Application domain - technologies used to actually conduct business functions, as opposed to making connections of various types

2)Chapter 1 and 2 provided a high-level overview of Threat modeling and Strategies for Threat Modeling. For some additional reading, take a look at how other organizations view threat modeling:


After reading chapter 1 and 2 and looking at the link above, you're ready to participate in the first discussion.

Let’s look at a possible real-world scenario and how the Department of Homeland Security (DHS) plays into it. In this scenario, the United States was hit by a large-scale, coordinated cyber attack organized by foreign entity. Lessons learned indicated that DHS was not utilizing any threat modeling strategies and would like to get discussion started immediately to better understand what it is. You are brought in and need to provide the following to DHS:

a. What is threat modeling?
b. How can threat modeling help protect key assets (this could be information, infrastructure, personnel, etc) going forward?

c. What should the next steps be for DHS now that they have a better understanding?

You must do the following:

Create a new thread. As indicated above, please answers the three questions above for DHS described in the preceding paragraph. Must use a minimum of three references for your initial posts. Also, please cite all references and use proper APA formatting.

Tutor Answer

School: UC Berkeley

Hi fam. Here is it.






The world wide web has turned the world a small community that is able to interact freely
with one another in an instance. Advances in this technology means that securing personal
information is key especially in this online world. Systems are connected in such a way that
being online at any one point puts the user at a risk of being attacked in financial markets,
and at a personal level. Governments are increasingly at risk of losing valuable information,
and so are corporations. The loss of such vital knowledge can pose a risk to individuals,
companies and in the global sense, whole nations. Encryption is a method that is used to
secure data for the relevant parties, but with the increasing demand for a global connection,
IT systems continue to be vulnerable to attacks from malicious parties hoping to gain from
such details (Sweir at al, 2007). Firewalls also play a role in blocking unwanted attacks to a
A local area network (LAN) connects devices in a regulated range. This is easily secured in
that the command centre can regulate the users within the same. It can be encrypted by the
use of passwords and access codes (Sweir at al, 2007). What cannot be regulated is the
number of users connected to the LAN since the size of the company, or institution is only
limited to the ability of any provider to host the number of users within the network.
A wide area network (WAN) enables businesses or organizations, even national institutions
to connect over greater distances. It facilitates communication between various branches of a
business and as such, has more users as opposed to a LAN.
Often, a LAN will need a WAN to communicate effectively, and in a timely manner with
other branches of a business organization. Encryption here is harder based on the volume of
users that are able to access the network of connected IT systems. It may be effective in the
sense that the IT department is solely responsible for the security of data transfers between



the two domains (Wang & My, 2013). Encryption keys can be generated at the control
centres and only passed to the relevant recipients. However, this poses a great risk to any
institutions utilising a LAN to WAN domain for factors detailed in the threat model outlined
Discussion on threat modelling
What is threat modelling? This refers to an active process of establishing potential dangers to
a business operating online and trying to come up with an effective way to counter the
possible negative outcomes that may arise from such dangers. It is a proactive method aimed
at ensuring that any arising issues have been solved even before they happen. It focuses on
the agenda and how it is being executed first. Next, the possible negative outcomes are
outlined and discussed in depth. What could go wrong is speculated upon and deliberated
upon at this stage in the process. After the potential unfavourable outcomes are identified, a
proposal to what can be done to solve them has to come up. In essence, what happens should
the negative expected outcome be, what should be done about it? Finally, an evaluation of
this reaction to the negative outcome has to be done (Brown at al, 2004). Was it effective?
What can be made better about if it wasn’t? Is there room for improvement? Ultimately, a
threat model forecasts a problem and finds ways to solve it before it happens while also
evaluating the outcomes from the reactions to these problems.
Advances in technology have rendered the world a globalised village so to speak. The
transfer of information happens in an instant, and friends across continents can communicate
in real time. In the case of a LAN to WAN domain, the constant flow of data an...

flag Report DMCA

awesome work thanks

Similar Questions
Related Tags

Brown University

1271 Tutors

California Institute of Technology

2131 Tutors

Carnegie Mellon University

982 Tutors

Columbia University

1256 Tutors

Dartmouth University

2113 Tutors

Emory University

2279 Tutors

Harvard University

599 Tutors

Massachusetts Institute of Technology

2319 Tutors

New York University

1645 Tutors

Notre Dam University

1911 Tutors

Oklahoma University

2122 Tutors

Pennsylvania State University

932 Tutors

Princeton University

1211 Tutors

Stanford University

983 Tutors

University of California

1282 Tutors

Oxford University

123 Tutors

Yale University

2325 Tutors