Description
Topic: Emerging Threats & Countermeasures
Question:
Threat Modeling
A new medium-sized health care facility just opened and you are hired as the CIO. The CEO is somewhat technical and has tasked you with creating a threat model. The CEO needs to decide from 3 selected models but needs your recommendation. Review this week’s readings, conduct your own research, then choose a model to recommend with proper justifications. Items to include (at a minimum) are:
- User authentication and credentials with third-party applications
- 3 common security risks with ratings: low, medium or high
- Justification of your threat model (why it was chosen over the other two: compare and contrast)
You will research several threat models as they apply to the health care industry, summarize three models and choose one as a recommendation to the CEO in a summary with a model using UML Diagrams (Do not copy and paste images from the Internet). In your research paper, be sure to discuss the security risks and assign a label of low, medium or high risks and the CEO will make the determination to accept the risks or mitigate them.
Instructions:
- Minimum 3 – 4 pages without including title and reference page.
- Follow APA 7 guidelines. Paper should include an introduction, a body with fully developed content, and a conclusion.
- Support the answers with the readings from chapter 3 in the textbook and at least two scholarly journal articles to support your positions, claims, and observations, in addition to the textbook.
- Need 2-3 APA References
- Textbook attached
- Single space.
- No Plagiarism please.

Explanation & Answer

Hi, find attached
OUTLINE
Threat Modeling
Thesis statement: Through threat modeling, you will protect valuable information or data and
intellectual property
• Introduction
• Threat models as they apply to the health care industry
• Common security ratings
• Recommendation to the chief executive officer
Running Head: THREAT MODELING
1
THREAT MODELING
Student’s Name
Institution
Date
Introduction
Threat modeling refers to the act of identifying and prioritizing available threats and
mitigating the processes. Through threat modeling, you will protect valuable information or data
and intellectual property. Security teams can continuously use threat modeling applications to
cover their apps as they educate team development. Also, they can build a culture of security
throughout the enterprise and organizational system. Every organization can use threat modeling
to begin and develop a DevSecOps culture. It refers to an idea that unites both the development
team and the operational team to share skills and create similar objectives.
During threat modeling, it is required that the security architect, the infrastructure team,
and developers work together. It means that the threat modeling system requires the whole team.
Therefore, it improves the communication process and collaboration among the organization
members. It also enhances the understanding of other team members' roles, goals, and
challenging points (Stewart, Chapple, & Gibson, 2012).
The quantitative threat modeling method contains the following three models that the
chief executive officer selected: the attack trees, STRIDE, and CVSS methods. The attack tree
threat modeling is one of the oldest and most widely used techniques on physical, cyber systems,
cyber-only systems, and physically pure systems. Initially, they worked as stand-alone methods.
However, several frameworks and methodologies work together to achieve their set goals. Attack
trees resemble a tree diagram that shows the system attacks in tree form. The tree's root
represents the set objectives, while the leaves represent the methods used in achieving the goal.
For the entire organization, several trees represent different goals, according to the team.
Therefore, it is the duty of the system threat analysis to offer a set of attack trees depending on
the organization's problems. Depending on the system's complexity, the organization can create
different trees to handle other issues for the entire plan. Through administrators, attack trees can
get started and used in informing security decisions. They are also able to determine whether
their systems are vulnerable to attacks. The c...
