Reference no: EM132664402
To enhance the security of information systems, enterprises are developing and adopting information system management systems. However, if an information management system is exploited, applications and the data they contain will be compromised. Therefore, it is important to perform comprehensive threat modeling throughout the enterprise.
Assignment 1. THREAT MODELING
In your own words explain (a) what is threat modeling, and (b) why it is important for an enterprise to address threat modeling extensively.
Meets or exceeds established assignment criteria
Demonstrates an understanding of lesson concepts
Clearly presents well-reasoned ideas and concepts
Assignment 2 - Threat Modeling Project
STRIDE is a model-based threat modeling technique developed by Microsoft. The methodology guides the security analyst through several activities that must be conducted in order for the process to be effective.
For this assignment explain in detail how you would start a threat modeling project.
Assignment 3 - Security Testing Vs. Threat Modeling
Threat modeling and security testing are similar in regard to both serve the purpose of addressing risk, however, both have their own respective specific purpose.
For this assignment identify and explain the key differences between security testing and threat modeling.
Assignment 4- Secret Questions
In this week's reading we looked at accounts, identity, authentication, and account recovery. There is an old adage that says, "You can never be too safe. When it comes to the digital world, it's very true. Cyber hackers and hijackers are lurking everywhere to steal digital information. And while it's a piece of cake for them to get passwords and other sensitive information, for the rest of us, keeping track of login information is a hassle especially since everything needs its own password. It's too much and eventually passwords get forgotten.