This course explores the evolution from information security to cyber security, policy and cyber security development, and the relationships between business and public/private sector organizations in meeting the challenges of cyber security threats. Students will be introduced to the legal and regulatory requirements for internal network and internet security, both as they apply to business and to personal use. Vulnerabilities of both the organization and the individual will be reviewed, as well as the processes and controls for mitigating cyber security threats. The need for an IT audit will also be explored as part of the vulnerability/mitigation process, as well as the need to develop an organization-wide cyber security policy.
Explanation & Answer
Threat modelling is a structured way of identifying and handling threats.
When designing an application, the developer faces numerous security concerns during the
various phases of the SDLC. Performing threat modelling early in the SDLC is of great
importance, since applications need security built in, and the earlier security is built in,
the better. In today's business environment, threat modelling should not be left until late or
ignored; otherwise the security of the application will be compromised. In this context, threat
modelling is a process initiated to identify threats and weaknesses in the initial stages of the
SDLC so as to determine existing gaps and mitigate risk, which in turn ensures the
development of a secure application and saves production cost and time.
The procedure is done early in the SDLC so as to discover security faults when there
is adequate time to correct them. Threat modelling bridges any existing gap between the
application developers and application security. Through threat modelling, the developers are
able to identify the threats as well as rate the threats in terms of the extent of impact. The
entire process provides knowledge and awareness of the current application risks and
Shostack, A. (2014). Threat modeling: Designing for security. Indianapolis, IN: J. Wiley &
Threat modelling begins by identifying the assets, which may comprise servers, Active
Directory and database users, including the administrators. It outlines the application
architecture, including the software framework and other components like connections to the
cloud data. The next phase of threat modelling involves breaking down the application into
its processes and sub-processes using data flow diagrams. The fourth step involves
identifying the threats in detail so as to further evaluate the process. This step is
followed by classifying the threats in a structured and repeatable way as well as rating their
Performing threat modelling at the early phases of the SDLC at each time there is a
modification in the systems architecture as well as after new vulnerabilities are introd...
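
The steps described above (list assets, lay out the architecture as a data flow diagram, identify threats, classify and rate them) can be carried through on a small model. This is an added example, not part of the original answer. The STRIDE-per-element classification, the 1 to 3 asset values, the likelihood weights and every element name are assumptions made for illustration.

```python
from dataclasses import dataclass

STRIDE = {  # STRIDE-per-element mapping (assumption: the essay names no scheme)
    "external":  ["Spoofing", "Repudiation"],
    "process":   ["Spoofing", "Tampering", "Repudiation", "Information disclosure",
                  "Denial of service", "Elevation of privilege"],
    "datastore": ["Tampering", "Information disclosure", "Denial of service"],
    "flow":      ["Tampering", "Information disclosure", "Denial of service"],
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str    # external | process | datastore
    zone: str    # trust zone the element lives in
    value: int   # asset value 1 (low) to 3 (high), hypothetical scale

# Constructed sample model built from the asset types the essay lists.
ELEMENTS = [
    Element("Administrator", "external", "internet", 2),
    Element("Web server", "process", "dmz", 2),
    Element("Active Directory", "process", "internal", 3),
    Element("Database", "datastore", "internal", 3),
    Element("Cloud storage", "datastore", "cloud", 2),
]
FLOWS = [  # (source, destination, label) edges of the data flow diagram
    ("Administrator", "Web server", "login"),
    ("Web server", "Active Directory", "authenticate"),
    ("Web server", "Database", "query"),
    ("Database", "Cloud storage", "backup"),
    ("Active Directory", "Database", "service account"),
]

def enumerate_threats(elements, flows):
    # Returns (score, target, category) tuples, highest score first.
    by_name = {e.name: e for e in elements}
    crossing = [(s, d) for s, d, _ in flows if by_name[s].zone != by_name[d].zone]
    exposed = {n for pair in crossing for n in pair}
    threats = []
    for e in elements:  # element threats: likelihood 2 if it touches a trust boundary
        for cat in STRIDE[e.kind]:
            threats.append((e.value * (2 if e.name in exposed else 1), e.name, cat))
    for s, d, label in flows:  # flow threats: likelihood 3 when crossing a boundary
        impact = max(by_name[s].value, by_name[d].value)
        for cat in STRIDE["flow"]:
            threats.append((impact * (3 if (s, d) in crossing else 1), f"{s}->{d} ({label})", cat))
    return sorted(threats, key=lambda t: (-t[0], t[1], t[2]))

if __name__ == "__main__":
    for score, target, category in enumerate_threats(ELEMENTS, FLOWS)[:10]:
        print(f"{score:>2}  {category:<24} {target}")
```

Re-running the function after each architecture change gives the repeatable rating the essay calls for: adding a flow or moving an element to another trust zone changes the ranked list directly.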