What are the 3 most essential questions to What are the 3 most essential questions to ask in threat modeling?? - Essay Prowess

What are the 3 most essential questions to What are the 3 most essential questions to ask in threat modeling??

$5.99

Kindly ADD to CART and Purchase an editable Word Document at $5 ONLY.

Briefly respond to all following questions. Make sure to explain and backup your response with facts and examples. This assignment should be in APA format and have to include at least two references. Make sure to use the enclosed template. Any other format will not be accepted. 1- List 2 methods to build visual models of your system. 2- What is the best definition of a trust boundary? 3- What are the 3 most essential questions to ask in threat modeling? 4- In the Star Wars mnemonic, what threat does Luke Skywalker embody? 

Solution

University of the Cumberlands

Week 2: Individual Assignment

Abstract

This individual  assignment focus on two important  methods to build visual models of  systems, best definition  and examples of a trust boundary and three most essential questions to ask in threat modeling . Also analysis what threat does Luke Skywalker embody in the Star Wars mnemonic.

Week 2: Individual Assignment

List 2 methods to build visual models of your system.

There are many visual models used to build your systems. When it is come to modeling systems and applications, data flow diagram and UML diagrams are more commonly used by many organizations. Data flow diagrams maps out the flow of data (arrows) for any process or system. It uses symbols like squares for external entity, circles for processes which take data as input and process it then return data as output. For example you enter employee id to a payroll process, then this process can check the validity of your employment or available money in your payroll account. Rectangle represents data stores such as database, XML files, physical storage etc. Unified Modeling Language (UML) consists of 13 different types of diagrams which include class, activity, object, use case, sequence, package, state, component, communication, etc. (smartdraw.com,2018). Visual models of your system with external entity interactions including users, processes, data stores and the architecture of the system you’re trying to build will help you understand the architecture and dependency between components easily and save time. Also you have to understand the threat modeling systems deeply using visual models which helps to find many threats in the early stage.

What is the best definition of a trust boundary?

Trust boundary is a logical perimeter where program data or execution changes between trust levels or privileges. The most obvious example of a trust boundary for web applications is the demarcation between the user’s browser/computer and your application interface, which resides on a server somewhere on the Internet. Your application faces a myriad of potential and unanticipated threats beyond those you might expect from your trusted user or customer. (technet.microsoft.com,2017). Also using boundaries help to simplify the identification of threats. Also threats can be easily classified to different categories using trust boundaries.

What are the 3 most essential questions to ask in threat modeling?

You have to start with a question “What are you building”.  You can build a visual model using all resources including system architect, security architect, developer, tester, manager, etc. Then you have to work with a question “What can go wrong with it once it’s built”. You can use STRIDE approach, walking through each part of the diagram (including the data flows!) and asking, “How could someone spoof this? How could someone tamper with this…”,   You can also look at each element of the diagram, and walk through each STRIDE threat: “How could someone spoof the database? How could someone tamper with it…”( misti.com,2017). The third essential question to ask is “What should you do about those things that can go wrong”. You have to plan how your migrating issues find and what time frame to fix these issues, what critical threats have to be remediated as soon as possible. What are the low findings you can take more time to fix, Is there any incident response plan if any of these threats exploit, etc. 

In the Star Wars mnemonic, what threat does Luke Skywalker embody?

Spoofing.  A spoofing is  a type of malicious activity  where one person or program successfully tricks as another person by falsifying identity, to gain unauthorized access, steal information, conduct an attack by infecting malwares, bypass security controls, etc. Email Phishing is a well known spoofing attack experience by many people that uses disguised email as a weapon.  Since you believe this is from legitimate source and by clicking these email attachments you will get infected by malware or other malicious script in those attachments. You really have to check clearly to make sure these mails from legitimate source. Other common types of spoofing attacks are ARP spoofing, DNS spoofing, Web spoofing and IP address spoofing. In order to avoid spoofing attacks you have to use spoofing-detection programs, Packet filtering and security encryption protocols such as HTTPS, TLS, SSH, etc.

References

Ajournalarticle, R. H., Spud, P. T., & Psychologist, R. M. (2016). Title of journal article goes here. Journal of Research in Personality, 22, 236-252. doi:10.1016/0032-026X.56.6.895*

B’Onlinesourcesareconfusing, S. O. (2010). Search for answers at apastyle.org and include issue numbers after volume numbers when there is no DOI. Journal of Articles Without Digital Object Identifiers, 127 (3), 816-826.

Cmagazinearticle, B. E. (2009, July). Note the last names on this page: Each source type has to be formatted in a different way. [Special issue]. Prose Magazine, 126 (5), 96-134.

Dbookreference, S. M., Orman, T. P., & Carey, R. (1967). Google scholar’s “cite” feature is