Reference no: EM132369122

Security Architecture and Design

There is a checklist for "Diving in and Threat Modeling". But before you can do that, you have to fully understand what the checklist is asking you to do. After each checklist item, provide your own definition of what you think the question means.

1. Can we tell a story without changing the diagram?

Assignment: Explain what this question means to you? And then provide your answer to the question of why or why not.

2. Can we tell that story without using words such as "sometimes" or "also?

Assignment: Explain what this question means to you? And then provide your answer to the question of why or why not.

3. Can we look at the diagram and see exactly where the software will make a security decision? Explain what this question means to you? And then provide your answer to the question.

Assignment: Explain what this question means to you? And then provide your answer to the question of why or why not.

4. Does the diagram show all the trust boundaries, such as where different accounts interact? Do you cover all UIDs, all application roles, and all network interface?

Assignment: Explain what this question means to you? And then provide your answer to the question of why or why not.

5. Does the diagram reflect the current or planned reality of the software?

Assignment: Explain what this question means to you? And then provide your answer to the question of why or why not.

6. Can we see where all the data goes and who uses it?

Assignment: Explain what this question means to you? And then provide your answer to the question of why or why not.

7. Do we see the processes that move data from one data store to another?

Assignment: Explain what this question means to you? And then provide your answer to the question of why or why not