
Hello I need help with this assignment I need to create a threat modeling with t


Question

Hello, I need help with this assignment. I need to create a threat model with the following guidelines that I have listed below. Thank you in advance.

Threat Modeling

Explore the use of threat modeling to communicate threats associated with a software application.

Download: MS Threat Modeling Tool for network DFD

Assignment: Students will do individual work. The deliverable is a short example of a threat model for a web-based internal employee directory. The system will have information on employees – where their desk is, their phone number, what they do, a picture, etc. Using no more than 3 threats, develop and document a threat model.

Explanation / Answer

Threat modelling is a process which can be implemented in 3 steps. It is an approach to measure the security of an application. It is a structured approach that enables you to identify, quantify, and address the security risks associated with an application.

step i -

The first step in the threat modeling process is concerned with gaining an understanding of the application and how it interacts with external entities. It involves extracting the required information for the design, identifying items which the attacker might be interested in, and identifying trust levels which represent the access rights that the application will grant to external entities. This information is documented in the Threat Model document and it is also used to produce data flow diagrams (DFDs) for the application. The DFDs show the different paths through the system, highlighting the privilege boundaries.

step ii -

Determine and rank threats. The goal of the threat categorization is to help identify threats both from the attacker (STRIDE) and the defensive perspective (ASF). DFDs produced in step 1 help to identify the potential threat targets from the attacker's perspective, such as data sources, processes, data flows, and interactions with users. These threats can be identified further as the roots for threat trees; there is one tree for each threat goal.

step iii -

Determine countermeasures and mitigation. A lack of protection against a threat might indicate a vulnerability whose risk exposure could be mitigated with the implementation of a countermeasure. Such countermeasures can be identified using threat-countermeasure mapping lists. Once a risk ranking is assigned to the threats, it is possible to sort threats from the highest to the lowest risk, and prioritize the mitigation effort, such as by responding to such threats by applying the identified countermeasures.
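
The three steps above, worked through for the employee directory as an added example that is not part of the original answer: a small DFD, STRIDE applied per element type, a risk ranking, and a threat-countermeasure mapping list. The element names, the likelihood and impact scores, the likelihood × impact ranking rule and the countermeasure wording are all assumptions constructed for illustration; the answer itself names no scoring method.

```python
from dataclasses import dataclass

# STRIDE-per-element: categories that apply to each DFD element type.
# (Repudiation applies to a data store only when it holds logs, so it is omitted.)
STRIDE_BY_KIND = {"external_entity": "SR", "process": "STRIDE",
                  "data_store": "TID", "data_flow": "TID"}

# Threat-countermeasure mapping list: letter -> (category, impact 1-3, countermeasure).
# Impact scores and countermeasure wording are constructed for this example.
MAPPING = {
    "S": ("Spoofing", 2, "authenticate employees through corporate single sign-on"),
    "T": ("Tampering", 2, "validate input; limit edits to the record owner and HR"),
    "R": ("Repudiation", 1, "keep an audit log of profile edits"),
    "I": ("Information disclosure", 3, "require TLS and an authenticated session for reads"),
    "D": ("Denial of service", 1, "rate-limit search and bulk listing requests"),
    "E": ("Elevation of privilege", 3, "enforce role checks on the server for every request"),
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str
    crosses_boundary: bool  # touches the browser/server privilege boundary

# Constructed DFD for the internal employee directory.
DFD = [
    Element("Employee (browser)", "external_entity", True),
    Element("Directory web app", "process", True),
    Element("Employee records DB", "data_store", False),
    Element("HTTP request/response", "data_flow", True),
]

def enumerate_threats(dfd):
    """Step ii: one candidate threat per (element, applicable STRIDE letter)."""
    threats = []
    for el in dfd:
        likelihood = 3 if el.crosses_boundary else 2  # assumed scoring rule
        for letter in STRIDE_BY_KIND[el.kind]:
            category, impact, fix = MAPPING[letter]
            threats.append({"element": el.name, "category": category,
                            "risk": likelihood * impact, "countermeasure": fix})
    return threats

def top_threats(dfd, limit=3):
    """Step iii: rank highest risk first and keep the assignment's 3-threat cap."""
    return sorted(enumerate_threats(dfd), key=lambda t: -t["risk"])[:limit]

if __name__ == "__main__":
    for t in top_threats(DFD):
        print(f'{t["risk"]}  {t["category"]} on {t["element"]}: {t["countermeasure"]}')
```

Changing the scores or adding DFD elements (for example a photo upload flow) changes which three threats surface, which is the part of the model that needs a written justification.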
