Week 6 Research Paper
Threat Modeling
A new medium-sized health care facility just opened and you are hired as the CIO. The CEO is somewhat technical and has tasked you with creating a threat model. The CEO needs to decide from 3 selected models but needs your recommendation. Review this week’s readings, conduct your own research, then choose a model to recommend with proper justifications. Items to include (at a minimum) are:
  • User authentication and credentials with third-party applications
  • 3 common security risks with ratings: low, medium or high
  • Justification of your threat model (why it was chosen over the other two: compare and contrast)
You will research several threat models as they apply to the health care industry, summarize three models and choose one as a recommendation to the CEO in a summary with a model using UML Diagrams (Do not copy and paste images from the Internet). In your research paper, be sure to discuss the security risks and assign each a label of low, medium or high risk; the CEO will make the determination to accept the risks or mitigate them.
Your paper should meet the following requirements:
  • Be approximately 4.5 pages in length, not including the required cover page and reference page.
  • Follow APA 7 guidelines. Your paper should include an introduction, a body with fully developed content, and a conclusion.
  • Support your answers with the readings from the course and at least two scholarly journal articles to support your positions, claims, and observations, in addition to your textbook. The UC Library is a great place to find resources.
  • Be clear and well-written, concise, and logical, using excellent grammar and style techniques. You are being graded in part on the quality of your writing.

Disclaimer

The assignment sample provided by Assignments Consultancy is a previously completed work for another student and contains plagiarism. It is being shared only as a reference or guideline to help you understand how to structure and approach your own assignment. We do not recommend submitting it directly as your own work. You are solely responsible for ensuring the originality and integrity of the assignment you submit, and we advise using this sample only as inspiration while adhering to your institution's academic policies.

As the CIO of a new healthcare facility, I recommend the STRIDE threat model for the organization. The STRIDE model provides a comprehensive approach to identifying and mitigating threats to the organization's information systems. STRIDE is an acronym for Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service, and Elevation of privilege (Khan, 2017). Microsoft developed this model as a way of helping software developers identify potential vulnerabilities in their applications.

Spoofing refers to impersonating a trusted entity or system to gain access to sensitive information or systems (Khan, 2017). Tampering refers to unauthorized changes made to data or systems, often to steal information or disrupt operations (Khan, 2017). Repudiation refers to the ability of an attacker to deny that an action was taken or data was accessed, which can make it difficult to trace and prosecute cybercriminals (Khan, 2017). Information disclosure refers to the unauthorized access of sensitive or confidential data. Denial of Service attacks aim to disrupt the normal operations of a system, while Elevation of Privilege attacks aim to give an attacker greater access and control than they would normally have (Khan, 2017).
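
The six categories above can be applied to the assignment's third-party authentication scenario as follows. This is an added example, not part of the original sample: it goes beyond the essay by using the STRIDE-per-element convention (which categories are examined for which diagram element type) and an assumed 3x3 likelihood-times-impact matrix for the low/medium/high labels. The element names, scores and controls are constructed for illustration.

```python
from dataclasses import dataclass

# STRIDE-per-element convention: categories usually examined per diagram element type.
APPLICABLE = {"external_entity": "SR", "process": "STRIDE",
              "data_store": "TID", "data_flow": "TID"}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information disclosure", "D": "Denial of service",
         "E": "Elevation of privilege"}

@dataclass
class Element:
    name: str
    kind: str            # key of APPLICABLE
    exposure: int        # assumed scale: 1 internal, 2 partner network, 3 internet-facing
    sensitivity: int     # assumed scale: 1 public, 2 internal, 3 patient data or credentials
    controls: str = ""   # STRIDE letters already covered by a control
    audit_log: bool = False  # data stores that hold logs also get Repudiation

def rate(likelihood, impact):
    """Assumed 3x3 matrix: likelihood * impact mapped to low/medium/high."""
    score = likelihood * impact
    return "high" if score >= 6 else "medium" if score >= 3 else "low"

def enumerate_threats(elements):
    """Return (element, STRIDE category, rating) for every applicable pair."""
    threats = []
    for e in elements:
        letters = APPLICABLE[e.kind]
        if e.kind == "data_store" and e.audit_log:
            letters += "R"
        for c in letters:
            # A control for this category drops likelihood to the minimum.
            likelihood = 1 if c in e.controls else e.exposure
            threats.append((e.name, NAMES[c], rate(likelihood, e.sensitivity)))
    return threats

# Constructed model of the facility's third-party login path (not from the page).
MODEL = [
    Element("third-party scheduling app", "external_entity", 3, 2, controls="S"),
    Element("login flow: app -> identity provider", "data_flow", 3, 3, controls="TI"),
    Element("identity provider", "process", 2, 3, controls="S"),
    Element("patient records database", "data_store", 1, 3, audit_log=True),
]

if __name__ == "__main__":
    for name, category, rating in enumerate_threats(MODEL):
        print(f"{rating:<6} {category:<24} {name}")
```

The rated list is what goes to the CEO: each line is one risk to accept or mitigate, and adding a control letter to an element shows how the rating changes.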
