User Account

All Pages

How you have assembled your threat model

Assignment Help Other Subject
Reference no: EM132968704

CIS098-6 Cyber Defence - University of Bedfordshire

Learning outcome 1: You are required to demonstrate critical and in-depth knowledge of cyber threat intelligence frameworks, tools and methodologies that can be utilized to mitigate and ensure resilience in an organization.

Learning outcome 2: Flexibly and autonomously apply knowledge on real-time reputation intelligence in
Learning outcome 3: In order to evaluate and respond to multi- faced attacks towards innovative and pragmatic solutions in Network security

Learning outcome 4: The report should also include a section where you elaborate in great details, how you have assembled your threat model in your chosen TM tool.

This assessment will require you to use open source intelligence frameworks, sources of information (e.g. NIST vulnerabilities database) ir order to produce a threat model for a given scenario. On the basis of the scenario and the threat model you have produced you will be required to present a report that contains the following:

1. An overview of the intelligence sources you chose to utilise and why they were chosen (500 words)

2. A fully formed threat model using an open source framework such such as OWAPs Threat Dragon. You can download a free copy of OWASP Threat Dragon this will work on Linux, mac and Windows. You can take screen short of your developed threat model

3. On the basis of the threat model, the intelligence and vulnerability you should provide a summary (upto 1000 words) outlining the basis of the threat model you have used, and how the sources that you collected information from helped you to develop your threat model.

4. You should outline the key threats to the systems in your chosen scenario, and present these in the form of a risk table, identifying the likelihood of the threat (high, medium, low) and the likely impact that the threat could have on the business in monetary terms (business failure, business interruption or business as usual). You should then suggest mitigation actions that should be put in place to reduce the impact of the threat (1500 words).

5. A separate section should be dedicated for the developed threat model

You will submit a single word file containing points 1-5 above via the BREO submission link.

Scenario

MoneyTransfer4U is an organisation that has over fifteen years of experience providing money transfer services on the UK High Street. The organisation has stores across the UK, including in London, Birmingham, Leeds, York, Liverpool, Manchester and Edinburgh.

The organisation has a set of 50 UK wide stores, and they are all currently connected via a Metropolitan Area Network. Daily transactions are sent using FTP to the Headquarters in London from each of the other stores across the UK on a daily basis. Each local store also maintains a MYSQL database of daily transactions and customer details. To make things easier the IT team created a single database for each region/city, and customer details, tables, financial transaction table, staff log-on credentials and an annual financial reporting data store are all located in this single database.

In terms of transactions, customers can either vii a store in person, in which case a member of staff performs the transaction, or else customers can log- on and create an account. All they need to do is enter their personal details, bank account details and address to get started. As the organisation has a small staff base of 200 across the UK, there is no verification service in house, so the transactions are set to an-off site service via email for verification before a transaction can take place.

The organisation has set up Windows 10 accounts for all in-store and back- house staff. As well as this, all data is stored on physical servers installed with Windows 2012 Server. The IT has five members of staff and they have to travel across the UK to personally apply patches in each location. Given the geographical spread of stores and offices, this can only take place once a month.

As some staff want to work remotely, then a virtual image has been created and staff can log in using a standard browser.

Staff are asked to create their own passwords, but there is no official password policy in place regarding the correct formation of strong passwords. You have been employed as a consultant as over the past month they have suffered XSS attacks on their website, a major personal data breach and a Distributed Denial of Service (DDoS) attack

Possible sources of open source intelligence frameworks for Cyber Threat Intelligence and known vulnerabilities

1. Implement, evaluate and review one or more emergent paradigms that underpin modern

CTI models

2. Investigate threat mitigations and improvements made through information consumption using a technical demonstration(s) while meeting organisational objectives

In order to achieve a high grade you need to provide an in-depth assessment of the possible threats to MoneyTransfer2U, and to clearly explain not only the vulnerabilities, but also the ways in which positive actions can be put in place in order to better secure the systems.

You should also outline an action plan that can be put in place in order successfully implement an Information Security Action Plan.

In is important that you also document any assumptions you have made, and effectively evaluate the measures you consider for their suitability for a small organisation (cost, manpower required, timelines etc.)

Attachment:- Cyber Defence.rar

Reference no: EM132968704

Questions Cloud

Description of the plan to implement the strategy : Identify three (3) communication strategies that would support more effective communication including a short description of the plan to implement the strategy
Calculate the depreciation expense and the cumulative effect : Assuming that this is a change in policy, calculate the 20X8 depreciation expense and the cumulative effect of the change on the 20X8 opening retained
Make a statement of partnership liquidation for period : Cash, noncash assets, and liabilities total $57,300, $100,800. Prepare a statement of partnership liquidation for the period July 1-29.
Which is a way to analyze a company financial statements : Which is a way to analyze a company's financial statements? Calculate ratios based on the numbers from a company's financial statements.
How you have assembled your threat model : The report should also include a section where you elaborate in great details, how you have assembled your threat model in your chosen TM tool
Complete the inventory table using the LIFO method : Beginning inventory, purchases, and sales data for widgets are as follows: Jul. 1 Inventory 15 units @ $30. Complete the inventory table using the LIFO method
What net income has : A company's gross profit margin has increased from 35% to 55%. Therefore, its net income has? Increased by the same percentage
Compute each division RI : Adrenaline's management has specified a 14% target rate of return. Compute each division's RI. Interpret your results
What the dividend yield for the company is : Carbonetti Company paid $1.64 per share in common dividends in 2017. Its net market price per common share was $2.73. The dividend yield for the company is

Reviews

Write a Review

Other Subject Questions & Answers

  Punishment by prevention of removal of an aversive condition

Punishment by prevention of removal of an aversive condition.Prevention of the presentation of a reinforcer vs. Removal of a reinforcer.The four basic behavioral contingencies and their prevention.Using punishment contingencies.

  Write a short essay reflecting on the religious service

Write a short TWO-page essay reflecting on the religious service you have attended. Reflect on the issue at hand using facets of Artistic Expression you have.

  Discuss the organization strategic goals

Justify the primary reasons why investing in any health care organization's technology and information system should align with the overall organization's.

  What does the insurance industry use emr to determine

What does the insurance industry use EMR to Determine?

  Issues the business is facing by using the tool

What can be done to further improve the problem/issues the business is facing by using the tool - What are they trying to achieve, improve or prevent

  What medicine and health care consisted of in the decade

One of the arguments often hear about why health care is not a right given to the citizens of the United States is that it was not written into the Constitution

  What can be done to help the victims of crime

You have been asked to present at a local human services conference on the efforts of correctional support within the community.

  How does womack characterize afrofuturist values and music

What makes a "feminist space," would you say that Janelle Monae's Dirty Computer is part of the Afrofuturist feminist movement or not and why or why not?

  The thickness of a board is 0037 metersthis is 0014 meters

the thickness of a board is 0.037 meters.this is 0.014 meters less than what it is supposed to be.how thick is it

  Discuss the relevance and influence of each work to history

AR201- Discuss the relevance and/or influence of each work to history/ art history (via historical context, i.e What was going on in the world at that time that influenced the works and/or vise, versa?).

  What are effective crisis intervention strategies

One crisis is a person who presents with suicide ideation. What are effective crisis intervention strategies used for each of the following: a high-risk suicidal client, a middle-risk suicidal client, and a low-risk suicidal client? What makes the..

  Challenge-brainless and requires little-no thinking ability

Pick a job or task that some people believe is not challenge, brainless, and requires little or no thinking ability

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd