The file below contains complete work of your assignment. Kindly check.
Running head: Threat Modeling
This is a practice of heightening network security through detecting intentions and
weaknesses and then describing mitigation factors to avert or alleviate the regulations that are
likely to be posed by threats in the system. The aim of this practice is to deliver systematic
analysis to the defenders with details of a likely attacker, the most likely attack vectors, and the
assets most desired by an attacker.
Threat modeling drill can be created in a culture where it had never been practiced.A
culture is influenced to carry out a self-evaluationby answering some basic
questions(Shostack,2014). These are such as, what is being worked on, what might go wrong, if
it goes wrong, what can be done about it and finally, was the job commendable at the end.
The best way to answer the question of what is been worked on is by assembling the
system architects, testers, and the security personnel. It is important to include customer advocate
too. This gives them a chance to talk about their tasks and share their different understanding of
the system. At the end of the interaction, they will have been able to come up with a drawing on
a whiteboard on how the system works.
After coming up with a chart on how the system works, then one can isolate where
attacks are likely to occur. In order to navigate the system and determine breaches, these few
factors can be put in place spoofing, interfering, refutation, information leak, repudiation of
service, advancement of privilege. These factors are associated with the system, for example, can
someone tamper with the database? At the one, one is able to come up with lik...