Threat Modelling

                A new medium-sized health care facility just opened and you are hired as the CIO. The CEO is somewhat technical and has tasked you with creating a threat model. The CEO needs to decide from 3 selected models but needs your recommendation. Review this week’s readings, conduct your own research, then choose a model to recommend with proper justifications. Items to include (at a minimum) are: User authentication and credentials with third-party applications 3 common security risks with ratings: low, medium or high Justification of your threat model (why it was chosen over the other two: compare and contrast) You will research several threat models as it applies to the health care industry, summarize three models and choose one as a recommendation to the CEO in a summary with a model using UML Diagrams (Do not copy and paste images from the Internet). In your research paper, be sure to discuss the security risks and assign a label of low, medium or high risks and the CEO will make the determination to accept the risks or mitigate them.
Finally there is Microsoft SDL which uses both proactive and reactive strategies to proactively address security weaknesses at all stages of the product development cycle. It has been widely adopted as industry standard due to its comprehensive approach that covers areas such as requirements definition, secure code development practices and engineering protocols. I recommend using the SDL model because it provides an all-encompassing view of an organization's overall security posture while taking into account existing best practices when implementing any new changes. Furthermore ,it will allow for early detection of issues during design and development phases instead of after deployment when it could be too late . Additionally ,the SDL framework offers several resources such as training modules ,design templates ,and checklists making it easy for developers or administrators to follow . Therefore I believe that this particular threat modeling strategy would provide our healthcare facility with adequate protection against various cyber threats in today's digital landscape

Sample Solution

The three threat models that I have chosen for this health care facility include the attack tree model, the STRIDE model, and the Microsoft Security Development Lifecycle (SDL) model. The attack tree model is a risk assessment tool used to identify potential threats and vulnerabilities in an organization’s systems by examining which elements of their infrastructure may be exposed to malicious actors. This method can help visualize how a threat could manifest itself, with each “branch” being another possible exploit or attack vector. The STRIDE model is also a risk analysis tool that identifies six common security risks: spoofing identity, tampering with data/resources, repudiation, information disclosure/eavesdropping, denial of service attacks and elevation of privilege. Each threat can then be assigned a severity level ranging from low to high depending on its potential impact on the system.

Aced Essays

Free Resources