Describe how you might define security requirements to align with a kind environment or a wicked environment. Explain your rationale.

User Generated

xbqngvfevenz

Writing

Security Architecture Design

Description

In approximately 300 words, answer the question below. Follow APA guidelines.

Describe how you might define security requirements to align with a kind environment or a wicked environment. Explain your rationale.

Unformatted Attachment Preview

ISOL 536 Security Architecture and Design Threat Modeling in Technologies • Terminology – Usability = helping people accomplish tasks – Human factors = focus on reducing human error and increasing productivity with the subject system – Ceremony = protocols extended to human node – People = users or human nodes Threat Modeling in Technologies • Understanding human behavior – Design systems to help people – Design systems that make security fool proof, intuitive, easy to follow, and yet effective – Design systems to achieve the continuation and habituation that is desired – Kind environments vs wicked environments Threat Modeling in Technologies • Considering the Kahneman model when design security – What you see is all there is – System 1 versus System 2 – Anchoring – Satisficing Threat Modeling in Technologies • Cranon’s framework – Effective training should help people recognize a situation and apply what they’ve learned – Communications must be clear and elicit the right action – Six components of the human receiver – Threat modeling using Cranon Threat Modeling in Technologies • Heuristic models create challenges – User wants to accomplish their goal – User tendencies and biases – User mental allocation of time for security – Over optimistic of user understanding Threat Modeling in Technologies • Security-centered software modeling – Warning dialogs – Authentication – Configuration precision** – Diagramming • Swim lanes • State machine Threat Modeling in Technologies • Threat elicitation – Brainstorming – Ceremony* approach using heuristics • • • • • Help users make decisions Avoid distracting users with too much to do Avoid steps lacking clarity Don’t make assumptions on the behalf of the user Keep the interface and choices consistent Threat Modeling in Technologies • Integrating usability and ceremony into threat modeling – Understanding human behavior when threat modeling – Minimize what you ask of people – Foster a kind environment – Keep configuration choices and needs simple – Present intuitive, explicit dialogs to the user ISOL 536 Security Architecture and Design Threat Modeling in Technologies • Cryptography is a complicated, evolving, and broad field • Coverage here is a sampler • Literature is abundant and extensive: – – – – – – – Private and public keys Ciphers Hash functions Analysis Primitives Systems Mathematics Threat Modeling in Technologies • When do you use encryption – HTTPS – SSL – TLS – IPSec – Digital certificates Threat Modeling in Technologies • Threats against cryptosystems – Attacks against the design and components (i.e. encryption algorithms, digital signature algorithms, one-way hash functions, and message authentication) – Attacks against the implementation – Attacks against hardware – Attacks against trust models – Others: • Users, failure recovery, cryptography Threat Modeling in Technologies • Building with cryptography – Authentication example – Know and understand threats and limitations – Key and certificate management – Leverage experts – Test assumptions Threat Modeling in Technologies • Useful resources – OWASP Guide to Cryptography – Khan Academy course – NIST standards program – CISSP cryptography domain – IETF Crypto Forum
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

...


Anonymous
Just the thing I needed, saved me a lot of time.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Related Tags