Threat Modeling

by | Mar 19, 2023 | Main

 

 

 

A new medium-sized health care facility just opened and you are hired as the CIO. The CEO is somewhat technical and has tasked you with creating a threat model. The CEO needs to decide from 3 selected models but needs your recommendation. conduct your own research, then choose a model to recommend with proper justifications. Items to include (at a minimum) are:

User authentication and credentials with third-party applications
3 common security risks with ratings: low, medium or high
Justification of your threat model (why it was chosen over the other two: compare and contrast)
You will research several threat models as it applies to the health care industry, summarize three models and choose one as a recommendation to the CEO in a summary with a model using UML Diagrams (Do not copy and paste images from the Internet). In your research paper, be sure to discuss the security risks and assign a label of low, medium or high risks and the CEO will make the determination to accept the risks or mitigate them.

 

Sample Solution

In order to provide the CEO with an informed decision regarding the threat model for their new medium-sized health care facility, it is important to understand the various threat models available and how they might apply in this situation. The three models that I have researched are Common Vulnerabilities and Exposures (CVE) Model, Zero Trust Network Assessments (ZtNA), and Targeted Attack Lifecycle (TALC).

Sample Solution

In order to provide the CEO with an informed decision regarding the threat model for their new medium-sized health care facility, it is important to understand the various threat models available and how they might apply in this situation. The three models that I have researched are Common Vulnerabilities and Exposures (CVE) Model, Zero Trust Network Assessments (ZtNA), and Targeted Attack Lifecycle (TALC).

The CVE Model utilizes a vulnerability identification process to identify weaknesses in security systems and networks. It categorizes threats based on severity level, allowing them to be easily managed. The main benefit of this model is its ability to identify existing vulnerabilities quickly; however, the downside is that it can take a significant amount of time and resources to implement properly due to its manual nature.

The ZtNA Model focuses on creating a secure network architecture by verifying user authentication credentials before granting access. This model also provides real-time insights into potential threats by continuously monitoring for suspicious activity. It requires minimal setup costs but does require frequent maintenance checks which can become costly over time.

Finally, TALC aims at detecting malicious activities from outside sources by analyzing historical data from previous attacks. It provides detailed information about different attack types as well as automated responses which help reduce response times when faced with an attack attempt. Its primary benefit is its ability detect targeted attacks while its drawback lies in requiring large amounts of data capture analyze accurately.

Based on my research I recommend that the CEO adopts the CVE Model as their threat model since it provides comprehensive coverage of security risks while still being relatively easy implement maintain compared other two options mentioned above. Despite needing more resources initially set up than some other models, it has proven itself effective identifying known vulnerabilities making sure those get addressed quickly thereby reducing chance of successful attack overall

This question has been answered.

Get Answer