22 pages assignment: Write two documents: 1. Risk management tools (2 pages) and 2. Microsoft threat modeling (20 pages)

User Generated

avpx239

Computer Science

Description

Task 1.Open-source Risk Management tools

Write two pages about each of the following list mentioned in the document (PFA)


Task 2. Write to explain why we need Microsoft Threat Modeling and how to use it (PFA for the detailed explanation)

Download Microsoft Threat Modeling (provided with this folder), then give a complete example (2 applications as distributed below)


Note: Please make sure you follow the document thoroughly where the first question consists of 2 pages and the second question consists of 20 pages.

Unformatted Attachment Preview

Part 1
Write two pages about each of the following list (Open-source Risk Management tools)
• OSMR
• MARCO
• CORAS Risk Assessment Platform
• ISO 17799 Risk Assessment Toolkit
• Easy Threat Risk Assessment
• ARMS
• Minaccia
• ThreatMind
• P.A.S.T.A (Process for Attack Simulation and Threat Analysis)
• Trike
• ATASM
• Lightweight/Rapid Threat Modeling
• Threat Library/List Approach
• Open Source Requirements Management Tool

Part 2
Download Microsoft Threat modeling (provided with this folder). Then write to explain why we need Microsoft Threat modeling and how to use it. Give a complete example (2 applications as distributed below); your end results are the list and description of the risks found.
Your report must contain the following items:
• Why Do Threat Modeling?
• When To Do Threat Modeling?
• How To Do Threat Modeling?
• How To Do Threat Modeling
• Threat Modeling Scope?
• Methodology?

Threat modeling privacy of social network People threat modeling Threat modeling with Waterfall approaches Agile approaches Threat modeling with Fog Computing NIST Special Publication 800-191 Threat modeling of a mobile device Network threat modeling Physical threat modeling Data-Centric System Threat Modeling Using Threat Modeling to Secure dataCenter Surveillance Self Defense: Threat Modeling Threat modeling on social networking Human threat modeling Online thefts threads modeling Privacy threat analysis and modeling Open Source Threat Modeling Privacy Threat Modeling for Biobank https://www.sciencedirect.com/science/article/pii/S1877050914010382 Threat risk modeling for web services Email threat modeling Management threat models Technical threat modeling Threat modeling for Code Signing NIST Cybersecurity White Paper Threat modeling Domain Name System-Based Electronic Mail Security SP 1800-6 Threat modeling Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) NIST Special Publication 800-187 Risk Assessment and Threat Modeling Threat modeling for cloud computing Threat modeling for web service Threat modeling for API

Your report should be 20 pages (single-spaced, font 12 Times New Roman).
The reports are distributed according to the following list:

ID 2842318 2831577 2832053 2832431 2820842 2820818 2832388 2820837 2843438 Application 1 Threat modeling with Fog Computing NIST Special Publication 800-191 Threat modeling of a mobile device Network threat modeling Physical threat modeling Data-Centric System Threat Modeling Using Threat Modeling to Secure dataCenter Surveillance Self Defense: Threat Modeling Threat modeling on social networking mangements threat modeling 2827927 2843377 2816453 2841580 2837383 2816462 2832372 2836100 2831931 2842950 2842959 2842959 2804919 2831602 2838428 2837174

ID 2842318 2831577 2832053 2832431 2820842 2820818 2832388 2820837 2843438 2827927 2843377 2816453 2841580 Online thefts threads modeling Privacy threat analysis and modeling Open Source Threat Modeling Privacy Threat Modeling for Biobank https://www.sciencedirect.com/science/article/pii/S1877050914010382 Threat risk modeling for web services Email threat modeling Management threat models Technical threat modeling Threat modeling for Code Signing NIST Cybersecurity White Paper Threat modeling Domain Name System-Based Electronic Mail Security SP 1800-6 Threat modeling Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) NIST Special Publication 800-187 Risk Assessment and Threat Modeling Threat modeling for cloud computing Threat modeling for web service Threat modeling for API Application 2 Threat modeling privacy of social network People threat modeling Threat modeling with Waterfall approaches Agile approaches Threat modeling with Fog Computing NIST Special Publication 800-191 Threat modeling of a mobile device Network threat modeling Physical threat modeling Data-Centric System Threat Modeling Using Threat Modeling to Secure dataCenter Surveillance Self Defense: Threat Modeling Threat modeling on social networking Human threat modeling 2837383 2816462 2832372 2836100 2831931 2842950 2842959 2842959 2804919 2831602 2838428 2837174 Online thefts threads modeling Privacy threat analysis and modeling Open Source Threat Modeling Privacy Threat Modeling for Biobank https://www.sciencedirect.com/science/article/pii/S1877050914010382 Threat risk modeling for web services Email threat modeling Management threat models Technical threat modeling Threat modeling for Code Signing NIST Cybersecurity White Paper Threat modeling Domain Name System-Based Electronic Mail Security SP 1800-6 Threat modeling Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) NIST Special Publication 800-187

Explanation & Answer

The two papers are done :). Let me know if you need any other help :)

Open-source Risk Management tools
Name
Affiliation
Date

A.

OSMR: This is an incredible degree lucrative open entryway for software engineers. At
the point when found by the security about the system, the technique would have to finish
the projects that are made open to everyone. This gives developers the information that
they require with the true objective to complete a strike. To fuel the circumstance, since
open source usage is so expansive, a lack of protection in a pervasive in part software
engineers with various potential undertaking misused of an individual.
This suggests software engineers follow the open source risk management and hop on
known security vulnerabilities in renowned open source fragments.

B.

MARCO: This is mainly focused on the business technology assessment. This includes
assisting the used technology within an organization doing business, where the
technology used is monitored regarding if it functioned well or not. Allowing the
company to manage their operation through the use of best technology. MARCO has a
big impact of their operations and services, as this would enable them to secure their
technology used and monitor the area of putting the business at risk in order to prepare
some mitigation planning to minimize and avoid the risks.

C.

CORAS Risk Assessment Platform: This plays a special role in exploiting the market
segments in a certain business. Maintaining and monitoring the efficiency and viability of
the framework within the organization.

D.

ISO 17799 Risk Assessment Toolkit: This is composed of various agendas and regulations
and policies which a manager should comply with in order to meet the required documentation
of micro-elements of the certain project. In this toolkit, we can be able to learn some
guidance in referencing, internal comments and any related to these principles.

E.

Easy Threat Risk Assessment: This will help the user evaluate the certain security risk
that might take in the process of the business operations. At the same time, mitigating the
determined risks in a systematic way. This is through implementing discovery planning
which would be important for the security of the business and as for their future backup.

F.

ARMS: The indication of this risk assessment is to assess the airlines and related aviation
organization in clarifying the risk assessment. Providing enough knowledge for all the
users regarding the safety of all the settings pertaining to their aviation operations.
Concerning this, this group would provide a clear definition of risk, the process of
mitigating the risk by explaining the types and step by step solution for the risk.

G.

Minaccia: This helps define the cyber threats that happened in some organizations such as
physical attacks, frauds, and anything related to this. Also, it enables the users to measure the
threats and resolve them through mitigation by compiling the process of evaluating how the
failures begin in the system or software.

H.

ThreatMind: known the most frameworks of Psychotronic that have been sent against
particular individuals. In any case, each association tests and are used to hone and
immaculate these psychotronic remote conductive entrainment structures, commonly
complex. It is directly clear without inquiry that such identity control is certifiable and
triggers can be passed on through hand signals, voiced rules, tone, and show of particular
pictures, and likewise remotely impelled and entrained.

I.

P.A.S.T.A: This analysis will help the organization define and evaluate the cyber threats
produced by the business impact which delegating digital assets security. This process the
simulation of certain threat attacks that might be formed in the system environment.

J.

Trike: is a great part of the time used as a peril organization gadget in the midst of
security surveys. Its structure relies upon the necessities demonstrate which portrays the
palatable level of risk concerning accomplices input. The consequent risk shows
generally all the recorded perils. This is also used to depict the security characteristics of
a given structure from its irregular state to low-level plan.

K.

ATASM: This is showing as an immediate development. Regardless, the technique is as
often as possible fractal, as heretofore looked into parts open up further unknown areas
where the examination begins. The examination may need to have reaction back to the
start afresh, add up for that domain (linear progression).

L.

Lightweight/Rapid Threat Modeling: It states that security threat modeling is a process
keeping & assessing a document that makes you understand a system threat profile & the
document through the eyes of your opponent. The threat modeling is becoming more
important as to controlling or creating a situation, or the aim to achieve it. It can also be
said that it is the combining of two or more units/things to form an effective system,
building collaboration between the security & the operations. This modeling is also
important from the movement of negative movement to a disciplined approach or positive
approach to a problem.

M.

Threat Library/List Approach: focused on making a constrained course of action of firsts
addressing basic risk administrators, rather than attempting to describe another expert for
each possible blend of pro characteristics. By compelling the degree, they assumed that
they could develop an important library that was little, direct, and easily fathomed.

N.

Open Source Requirements Management Tool: This includes testing, designing, and
implementing various attributes where we can be able to derive UI requirements. This
can be very helpful for making projects and testing for its process from timeline to its
design process.


Microsoft Threat modeling
Name
Affiliation
Date

What is meant by Threat Modeling
We understand the meaning of the threat model. It states that security threat modeling is a
process keeping & assessing a document that makes you understand a system threat profile & the
document through the eyes of your opponent. The threat modeling is becoming more important
as to controlling or creating a situation, or the aim to achieve it. It can also be said that it is the
combining of two or more units/things to form an effective system, building collaboration
between the security & the operations. This modeling is also important from the movement of
negative movement to a disciplined approach or positive approach to a problem. It is also about
building models & mental models, that to think or assume that WHAT IS GOING TO GO
WRONG.
If our goal is to overcome our attack surface & focus investments in a proactive manner, then
this modeling can help us, for example, you feel to see leaves on a tree rather than to see a whole
forest so threat modeling gives a framework for commutating the work done by you or by your
team and why are you doing it. More appropriately it involves understanding the problems could
happen. These threat models can also be applied for software development & its operations
putting forward to much effective communication & collaboration. The threat models mainly
work on the factors & reply to these basic questions.

Why do Threat Modeling
A threat in the context of security architecture refers to anything which is responsible to harm and
damage the computer system. These can lead to the attack on your device, computer system,
network and much more.
The basic idea behind creating a threat model is to identify and prioritize all kinds of possible
threats from an attacker's point of view. The main purpose is to defend the user from different threats
by creating different models for different types of attack. Threat modeling is a great way to stop
different threat attacks, and these models have been successful, and threat modeling has been
used by prioritizing military defensive. Threat modeling is very useful and if the user really
wants their data and network to be safe they should start using threat modeling.

When To Do Threat Modeling
• Every time there is an adjustment within the framework's style.
• After a security occurrence has happened or new vulnerabilities area unit conferred.
• Threat models are systematically dynamic, and the models you arranged nowadays might
not be productive tomorrow. Furthermore, it is hard to state that you just have an area
unit to secured from all the threats. But you have performed threat modeling and brought
the required steps to limit your presentation to security dangers, at any rate, the effect of
one thing awful happening can be smart.
• At the point when the system changes, you have got to consider the security impact of
those movements.
• At the point when the fitting reaction is that the framework's designing isn't changing, no
unused methods or data flow are being displayed, and there are no movements to the data
structures being transmitted, at that point it is far-fetched that the reactions to 'what can
turn out badly' will alter.
• When at slightest one of those movements, at that point it's profitable to analyze what
can turn out risk as a major perspective of the current work bundle and to comprehend
structures tradeoffs you'll be able to make and to comprehend what you may address in.

How to do threat modeling
Steps to Threat Modeling
Web applications are used by the user for a variety of purposes. As people interact with the web
applications, there are chances of a security attack on the application by any external entity.
The External entity of the attacker it's for the opportunity to enter the application. So to prevent
an application from any type of attack it is important to identify the possible threats and the
entry point from which an attacker enters. All these activities are performed in threat modeling. There is
a process known as threat modeling for analyzing the security of an application. It is a
structured approach that enables you to identify, quantify, and address the security risks
associated with an application.
1. Decompose the Application
This incorporates making use-cases to see how the application is utilized, recognizing
segment centers to see where a potential aggressor might interface with the application,
recognizing assets. There are many different types of threat modeling techniques, but all
have the same purpose, that is, to identify the threat entry point, identify and rank the
threats and determine the mitigation of threats.
So threat modeling is used at the time of the application development. In the development
period, it is already identified what the point is where the application interacts with
the external entities, and what kind of threats are possible. According to the threats, the
countermeasures and mitigation to the threats are applied in the application already. So
threat modeling prevents the application...

