UC Cyber Security Threat Model Essay

User Generated

nof99

Computer Science

University of Cumberlands

Description

Threat Modeling

A new medium-sized health care facility just opened and you are hired as the CIO. The CEO is somewhat technical and has tasked you with creating a threat model. The CEO needs to decide from 3 selected models but needs your recommendation. Review this week’s readings, conduct your own research, then choose a model to recommend with proper justifications. Items to include (at a minimum) are:

  • User authentication and credentials with third-party applications
  • 3 common security risks with ratings: low, medium or high
  • Justification of your threat model (why it was chosen over the other two: compare and contrast)

You will research several threat models as they apply to the health care industry, summarize three models and choose one as a recommendation to the CEO in a summary with a model using UML Diagrams (Do not copy and paste images from the Internet). In your research paper, be sure to discuss the security risks and assign a label of low, medium or high risks and the CEO will make the determination to accept the risks or mitigate them.


Explanation & Answer

View attached explanation and answer. Let me know if you have any questions. Hello, here's the final copy of your answer. Should you need any changes made, don't hesitate to reach out for help, I'll be here to assist. Thank you!

Threat Models

Threat Model
Introduction
A threat model identifies and organizes possible threats and security mitigations to
protect something of significant value, such as confidential information or intellectual
property. Because there are not enough facilities to serve the growing population requiring
individualized medical services, E-Health systems (EHS) were developed to support health
care delivery and health records collection (Fagade, 2018). To help health care providers
function more efficiently, E-health frameworks have been developed that make it easier for
people to receive care by connecting them with organizations that provide health
care. The chosen threat models are described below.
DREAD Threat Modeling
DREAD is a risk assessment framework for computer security threats that was
used by Microsoft and is now used by OpenStack and other organizations
(Fagade, 2018). The acronym DREAD is formed from five categories. It was
initially proposed for threat modeling, but its ratings turned out to be
inconsistent and open to debate. The DREAD threat model provides a mnemonic for
rating security threats using five categories.
The subcategories are as follows:
  • What kind of harm could an attack do?
  • Is it possible to reproduce the attack in the same way it happened the first time?
  • When it comes to exploitability, how much work does it take to launch an attack?
  • What is the estimated number of affected customers?
  • Is it easy or difficult to find the risk?
When a threat is assessed with DREAD, each category is given a rating starting from 1, and
the ratings for that issue are totaled. This rating can be used to group similar problems.
Others believe that including "Discoverability" as the final DREAD category is problematic
because it can reward obscurity. As a result, a small number of security organizations have
either abandoned the DREAD-D scale (which does not include Discoverability) or have come to
accept that Discoverability is always at the end of the scale when assessing security risks
and vulnerabilities (Fagade, 2018).
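
Added example (not part of the original essay): a Python sketch of DREAD scoring for three constructed health care risks, comparing the full five-category score with a score that leaves Discoverability out and one that pins it at the end of the scale. The 1 to 10 scale, the use of the mean instead of the total (so four- and five-category scores are comparable), the low/medium/high thresholds and all sample ratings are assumptions.

```python
from dataclasses import dataclass

CATEGORIES = ("damage", "reproducibility", "exploitability",
              "affected_users", "discoverability")
SCALE_MAX = 10  # assumption: each category is rated 1..10


@dataclass(frozen=True)
class Threat:
    name: str
    ratings: dict  # category name -> integer rating


def dread_score(threat, mode="full"):
    """Mean rating. mode: 'full' (all five categories), 'minus_d'
    (Discoverability left out) or 'max_d' (Discoverability pinned at maximum)."""
    if set(threat.ratings) != set(CATEGORIES):
        raise ValueError(f"{threat.name}: need exactly {CATEGORIES}")
    if any(not 1 <= v <= SCALE_MAX for v in threat.ratings.values()):
        raise ValueError(f"{threat.name}: ratings must be 1..{SCALE_MAX}")
    ratings = dict(threat.ratings)
    if mode == "minus_d":
        del ratings["discoverability"]
    elif mode == "max_d":
        ratings["discoverability"] = SCALE_MAX
    elif mode != "full":
        raise ValueError(f"unknown mode {mode!r}")
    return sum(ratings.values()) / len(ratings)


def label(score):
    """Map a mean score to the low/medium/high labels (assumed thresholds)."""
    return "high" if score >= 7 else "medium" if score >= 4 else "low"


def rank(threats, mode="full"):
    """Return (name, score, label) tuples, highest score first."""
    rows = [(t.name, round(dread_score(t, mode), 2)) for t in threats]
    rows.sort(key=lambda r: r[1], reverse=True)
    return [(name, score, label(score)) for name, score in rows]


# Constructed sample risks; ratings are illustrative, in CATEGORIES order.
SAMPLE = [
    Threat("Shared third-party app credentials", dict(zip(CATEGORIES, (8, 8, 7, 6, 3)))),
    Threat("Unpatched patient portal", dict(zip(CATEGORIES, (7, 6, 5, 7, 9)))),
    Threat("Lost unencrypted laptop", dict(zip(CATEGORIES, (5, 3, 4, 2, 2)))),
]

if __name__ == "__main__":
    for mode in ("full", "minus_d", "max_d"):
        print(mode, rank(SAMPLE, mode))
```

With these sample ratings the credential risk ranks second and "medium" under the full score, but first and "high" once Discoverability is left out, which is the inconsistency the debate over that category is about.
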
STRIDE Threat Modeling
Praerit Garg and Loren Kohnfelder from Microsoft devised the STRIDE model of threats for
identifying computer security threats. It provides a mnemonic for six different categories
of security threats.
The risks are as follows:
  • Spoofing
  • Tampering
  • Repudiation
  • Information disclosure (the release of confidential information)
  • Denial of service
  • Elevation of privilege
  • Increasing gain
STRIDE was initially designed as part of a threat modeling process. STRIDE is a model of
threats that may be used to find flaws in a system's logic and reasoning. For a system,
every threat constitutes a violation of a desirable property. Each threat is paired with
the property it violates, namely:
  • "Reputation": False advertising
  • "Integrity": Being tampered with behind the scenes
  • "Confidentiality": Dissemination of data
  • Non-availability of a service
  • "Authorization": "Elevation of Privilege"
Trike threat model

Trike threat modeling focuses on completing the security audit process from the
viewpoint of cyber risk management, and establishing a "requirements model" is part of
the Trike threat modeling technique. The requirements model ensures that the level of
risk assigned to each asset is acceptable to the various stakeholders.
Creating a data flow diagram (DFD) is the next step in Trike threat modeling (Fagade,
2018). Systems engineers in the 1970s created data flow diagrams to show how data moves
within a system, is stored, and is manipulated. Traditionally, they had only four
elements:
  • Data stores
  • Processes
  • Data flows
  • Interactors
