My home work

Please see the brief and case study before doing it. Please follow the brief and instructions. I have attached a template of my work; you can do it exactly like this. Please draw the diagram in Lucidchart or any other designer software, but make it on your own, not from the internet. Cover all the topics which they have mentioned in the brief and follow the rubric on the last page of the brief. Thanks.


MIS607_Assessment_2_Case Scenario Page 1 of 1

Case Scenario

The Business & Communication Insurance (B&C Insurance) began business as a private health insurer, established by Gary RT.L & family in 1965 through the Health Insurance Commission. This company was set up to compete with private “for-profit” funds. The company’s headquarters is located in New York and has offices in various other countries including Spain, Australia and Hong Kong. The CEO of the B&C Insurance recently received a ransom email from an unknown company claiming that they have access to the company strategic plans and personal details of 200,000 clients. A sample of personal details of 200 clients was included in the email as a ‘proof’.

Ransom emails are normally sent through unreliable external networks that are outside the company’s security boundary. The CEO consulted the senior management and they acted promptly to investigate and contain the threat with the aid of forensic computer specialists. The first step was to validate the threat. The management team found a discussion on a hacker site in the dark net that had personal information of 200,000 clients of B&C Insurance for sale. This also included the details of the 200 clients, provided in the ransom email as ‘proof’. The investigation also confirmed that the details of the 200 customers are genuine.

The senior management considered the need to identify threats and give practical guidance on how to manage the risks of identity fraud to be of utmost importance. Therefore, a team of consultants was appointed to prepare a series of reports to identify various threats and to develop cybersecurity crisis management plans in order to respond to potential threats/risks of sophisticated hackers penetrating into the internal systems of the company and accessing client information.

As the cybersecurity specialist in the team, you have been asked to write a report to identify the threat types and key factors involved. In doing so, you are required to identify the most ‘at-risk’ components, create awareness among the staff of such high-risk components and how to manage them. In addition, this report is to help key stakeholders, including the executive managers, to make decisions on what course of actions must be undertaken to mitigate potential threats.

https://en.wikipedia.org/wiki/Health_Insurance_Commission

MIS607_Assessment_2_Brief_Threat Model Report_ Module 4.2 Page 1 of 4

Task Summary
You are required to write a 1500-word threat modelling report in response to a case scenario by identifying the
threat types and key factors involved. This assessment is intended to build your fundamental understanding of
these key threats so that you will be able to respond/mitigate those factors in Assessment 3. In doing so, this
assessment will formatively develop the knowledge required for you to complete Assessment 3 successfully.

Context
Security threat modelling, or threat modelling is a process of assessing and documenting a system’s security
risks. Threat modelling is a repeatable process that helps you find and mitigate all of the threats to your
products/services. It contributes to the risk management process because threats to software and infrastructure
are risks to the user and environment deploying the software. As a professional, your role will require you to
understand the most at-risk components and create awareness among the staff of such high-risk components
and how to manage them. Having a working understanding of these concepts will enable you to uncover threats
to the system before the system is committed to code.

ASSESSMENT 2 BRIEF
Subject Code and Title: MIS607 Cybersecurity
Assessment: Threat Model Report
Individual/Group: Individual
Length: 1500 words (+/- 10%)
Learning Outcomes: The Subject Learning Outcomes demonstrated by successful completion of the task below include:
b) Explore and articulate cyber trends, threats and staying safe in cyberspace, plus protecting personal and company data.
c) Analyse issues associated with organisational data networks and security to recommend practical solutions towards their resolution.
d) Evaluate and communicate relevant technical and ethical considerations related to the design, deployment and/or the uses of secure technologies within various organisational contexts.
Submission: Due by 11.55 pm AEST Sunday end of Module 4.1
Weighting: 35%
Total Marks: 100 marks

Task Instructions

1. Carefully read the attached case scenario to understand the concepts being discussed in the case.

2. Review your subject notes to establish the relevant area of investigation that applies to the case. Re-read any relevant readings that have been recommended in the case area in modules. Plan how you will structure your ideas for the threat model report.

3. Draw DFDs (Data Flow Diagrams):

• Include processes, data stores, data flows
• Include trust boundaries (Add trust boundaries that intersect data flows)
• Iterate over processes, data stores, and see where they need to be broken down
• Enumerate assumptions, dependencies
• Number everything (if manual)
• Determine the threat types that might impact your system
• STRIDE/Element: Identifying threats to the system.
• Understanding the threats (threat, property, definition)

4. The report should consist of the following structure:

A title page with subject code and name, assignment title, student’s name, student number, and lecturer’s
name.

The introduction that will also serve as your statement of purpose for the report. This means that you will
tell the reader what you are going to cover in your report. You will need to inform the reader of:

a) Your area of research and its context
b) The key concepts of cybersecurity you will be addressing and why you are drawing the threat model
c) What the reader can expect to find in the body of the report

The body of the report will need to respond to the specific requirements of the case study. It is advised
that you use the case study to assist you in structuring the threat model report, drawing DFD and
presenting the diagram by means of subheadings in the body of the report.

The conclusion will summarise any findings or recommendations that the report puts forward regarding
the concepts covered in the report.

5. Format of the report
The report should use font Arial or Calibri 11 point, be line spaced at 1.5 for ease of reading, and have
page numbers on the bottom of each page. If diagrams or tables are used, due attention should be given
to pagination to avoid loss of meaning and continuity by unnecessarily splitting information over two
pages. Diagrams must carry the appropriate captioning.

6. Referencing
There are requirements for referencing this report using APA style for citing and referencing research. It is
expected that you use 10 external references in the relevant subject area based on readings and further
research. Please see more information on referencing here:
https://library.torrens.edu.au/academicskills/apa/tool

7. You are strongly advised to read the rubric, which is an evaluation guide with criteria for grading the

assignment. This will give you a clear picture of what a successful report looks like.
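
The DFD and STRIDE-per-element steps in task instruction 3, worked through as an added example (it is not part of the brief or of the sample report). The elements, flows and trust zones below are constructed for the B&C Insurance scenario, and the element-to-category chart is the commonly used STRIDE-per-element mapping, taken here as an assumption.

```python
"""STRIDE-per-element enumeration over a small data flow diagram (DFD)."""
from dataclasses import dataclass

# STRIDE letter -> (threat category, security property it violates)
STRIDE = {
    "S": ("Spoofing", "Authentication"),
    "T": ("Tampering", "Integrity"),
    "R": ("Repudiation", "Non-repudiation"),
    "I": ("Information disclosure", "Confidentiality"),
    "D": ("Denial of service", "Availability"),
    "E": ("Elevation of privilege", "Authorization"),
}

# Assumed STRIDE-per-element chart: which categories apply to each DFD element type.
PER_ELEMENT = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TID",   # plus R when the store holds audit logs (handled below)
    "data_flow": "TID",
}


@dataclass(frozen=True)
class Element:
    id: str
    name: str
    kind: str            # external_entity | process | data_store
    zone: str            # trust zone the element lives in
    audit_log: bool = False


@dataclass(frozen=True)
class Flow:
    id: str
    name: str
    src: str
    dst: str


@dataclass(frozen=True)
class Threat:
    number: int
    target: str
    category: str
    violated_property: str
    crosses_boundary: bool


def crosses_boundary(flow, by_id):
    """A flow intersects a trust boundary when its endpoints sit in different zones."""
    return by_id[flow.src].zone != by_id[flow.dst].zone


def enumerate_threats(elements, flows):
    """Return numbered threats, with boundary-crossing flows listed first."""
    by_id = {e.id: e for e in elements}
    rows = []
    for e in elements:
        letters = PER_ELEMENT[e.kind]
        if e.kind == "data_store" and e.audit_log:
            letters = "TRID"  # tampering with logs enables repudiation
        rows += [(e.id, letter, False) for letter in letters]
    for f in flows:
        if f.src not in by_id or f.dst not in by_id:
            raise ValueError(f"flow {f.id} references an unknown element")
        crossing = crosses_boundary(f, by_id)
        rows += [(f.id, letter, crossing) for letter in PER_ELEMENT["data_flow"]]
    rows.sort(key=lambda r: not r[2])  # stable sort: crossing flows move to the top
    return [
        Threat(n, target, STRIDE[letter][0], STRIDE[letter][1], crossing)
        for n, (target, letter, crossing) in enumerate(rows, start=1)
    ]


# Constructed DFD for the case scenario (all names and zones are assumptions).
ELEMENTS = [
    Element("E1", "Client", "external_entity", "internet"),
    Element("P1", "Client portal", "process", "dmz"),
    Element("P2", "Policy and claims service", "process", "internal"),
    Element("D1", "Client records database", "data_store", "internal"),
    Element("D2", "Audit log", "data_store", "internal", audit_log=True),
]
FLOWS = [
    Flow("F1", "Login and claim form", "E1", "P1"),
    Flow("F2", "Validated request", "P1", "P2"),
    Flow("F3", "Client record read/write", "P2", "D1"),
    Flow("F4", "Audit events", "P2", "D2"),
    Flow("F5", "Portal response", "P1", "E1"),
]

if __name__ == "__main__":
    for t in enumerate_threats(ELEMENTS, FLOWS):
        mark = "boundary" if t.crosses_boundary else ""
        print(f"{t.number:>2} {t.target:<3} {t.category:<23} {t.violated_property:<16} {mark}")
```

The numbered rows map directly onto the "threat, property, definition" table the brief asks for; the rows flagged as boundary-crossing are the data flows to examine first.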

Submission Instructions
Submit Assessment 2 via the Assessment link in the main navigation menu in MIS607 Cybersecurity. The
Learning Facilitator will provide feedback via the Grade Centre in the LMS portal. Feedback can be viewed in
My Grades.

Academic Integrity Declaration
I declare that, except where I have referenced, the work I am submitting for this assessment task is my own
work. I have read and am aware of the Torrens University Australia Academic Integrity Policy and Procedure
viewable online at http://www.torrens.edu.au/policies-and-forms.
I am aware that I need to keep a copy of all submitted material and their drafts, and I will do so accordingly.


MIS607_Assessment_2_Brief_Case Study_ Module 4.2 Page 3 of 4

Assessment Rubric

Grade levels: Fail (Yet to achieve minimum standard) 0-49%; Pass (Functional) 50-64%; Credit (Proficient) 65-74%; Distinction (Advanced) 75-84%; High Distinction (Exceptional) 85-100%.

Assessment attribute: Visual appeal and presentation of content (20%)
Title page included. Adheres to the font, spacing, format, and word count requirement. Appropriate use of paragraphs, sentence construction, spelling, and grammar.

Fail: No title page. Incorrect font and size with poor line spacing and large gaps in pagination, tables, or diagrams. Report is written as a block of text with no breaks in between ideas. Separate ideas cannot be clearly discerned. Many errors in spelling or grammar. Does not adhere to the word count requirement.

Pass: Title page is included. Missing most information. Incorrect font and size is used or poor line spacing and large gaps in pagination. Paragraphs are used but large blocks of text with long sentences make it difficult to understand the ideas being conveyed. Spelling or grammar has errors but meaning remains clear. Does not adhere to the word count requirement.

Credit: Title page is included but is missing key information. Some errors in font use and line spacing. Some pagination problems. One idea or concept per paragraph. Some paragraphs could be more succinctly written. Minor spelling or grammar errors. Adheres to the word count requirement.

Distinction: Title page is included with most required information. Minor errors in font, spacing and format. One idea or concept per paragraph with 3–4 well-constructed sentences per paragraph. No errors in spelling or grammar. Adheres to the word count requirement.

High Distinction: Title page is included with all required information. Font, spacing, and format are in accordance with the requirements of the assignment brief. Expert use of paragraphs with 3–4 well-constructed sentences per paragraph that follow logically from each other. No errors in spelling or grammar. Adheres to the word count requirement.

Assessment attribute: Knowledge and understanding (50%)
Understanding of the key concepts. Core components of Data flow diagram (DFD) addressed. Analysis and evaluation of the threat modelling.

Fail: Lack of understanding of the required concepts and knowledge. Core components of the DFD not addressed. Lack of analysis and evaluation of threat types and its applicability to threat modelling.

Pass: Limited understanding of required concepts and knowledge. Some of the key components of the DFD are not addressed. Limited analysis and evaluation of threat types and its applicability to threat modelling.

Credit: Adequate knowledge or understanding of the required concepts. Key components of the DFD are addressed. Understand the context and impact the threat modelling concept represents for data. Identifies logical flows, threats, risks and questions the viewpoints of the attacker.

Distinction: Thorough understanding of the key concepts. All core components of the DFD addressed. Well-demonstrated capacity to analyse and evaluate the threat modelling concept. Identifies logical flows and threats and presents suggestions the attacker can use to develop their technique.

High Distinction: Highly developed understanding of the key concepts. Addresses all core components of the DFD. Comprehensive insight demonstrated in the analysis of various elements and processes of the DFD. Expertly evaluates the threat model. Provides a thoughtful critique in the context of the scenario.


Assessment attribute: Use of academic and discipline conventions (30%)
Formal tone. No use of first-party perspective. Meets the assignment brief regarding introduction, body, and conclusion. Appropriate use of credible resources. Correct citation of key resources using APA style of referencing.

Fail: Does not adhere to the assignment brief requirements. Poorly written with informal tone using first person pronouns. No introduction attempted. Conclusion not attempted. Inconsistent and inadequate use of good-quality, credible, and relevant resources to support and develop ideas. No use of in-text references, or no reference list at the close of the report. Many mistakes in using the APA style.

Pass: Written according to academic genre. Minor errors in the use of first-person pronouns. Introduction attempted but very generic, and does not clearly state the purpose of the report and what the reader should expect to find in the body of the report. Conclusion attempted but does not include summation of key concepts discussed in the report and/or key conclusions or recommendations. Consistent use of credible and relevant sources. Little use of in-text referencing. Some mistakes in using APA style.

Credit: Written according to academic genre. Sound use of the introduction but does not clearly state either the purpose of the report or what the reader should expect to find in the body of the report. Sound use of the conclusion and succeeds in either the summation of key concepts discussed, or key conclusions. Consistent use of credible and relevant sources. Good use of in-text referencing. Minor errors in using the APA style.

Distinction: Well-written and adheres to the academic genre. Good use of the introduction, which clearly states the purpose of the report and what the reader should expect to find in the body of the report. Good use of the conclusion and succeeds in summation of key concepts discussed and key conclusions. Expert use of good quality, credible, and relevant sources. Very good use of in-text referencing. No mistakes in using the APA style.

High Distinction: Expertly written and adheres to the academic genre. Excellent use of the introduction, which secures the attention of the reader, clearly states the purpose of the report and what the reader should expect to find in the body of the report. Excellent use of the conclusion, which succeeds in confident summation of key concepts and conclusions. Expert use of high-quality credible and relevant sources. Excellent and meticulous use of in-text referencing. No mistakes in using the APA style.

MIS607 – Cybersecurity

Assessment Title: Threat Model Report

Student Name:

Student Number:

Lecturer:

Trimester 3 (2020)

Academic Integrity Declaration
I declare that, except where I have referenced, the work I am submitting for this assessment task is
my own work. I have read and am aware of the Torrens University Australia Academic Integrity Policy
and Procedure viewable online at http://www.torrens.edu.au/policies-and-forms. I am aware that I
need to keep a copy of all submitted material and their drafts, and I will do so accordingly.


  1. Introduction
    This section serves as the statement of purpose for your report. This means that you will tell the
    reader “what you are going to cover in your report”.

    You will need to inform the reader of:

    • Your area of research and its context
    • The key concepts of cybersecurity you will be addressing and why you are drawing the threat model
    • What the reader can expect to find in the body of the report.

  2. Main Discussion
    You will need to respond to the specific requirements of the case study/scenario.

    It is advised that you use the case scenario/study to assist you in “structuring” the Threat Model
    Report, drawing DFD and presenting the diagram by means of “subheadings” in the body of the
    report.

    IMPORTANT NOTE: Make sure to pay careful attention to the “Task Instruction” on page 1 and 2 of
    MIS607 Assessment Brief 2.

  3. Conclusion
    The conclusion section is where you will need to summarise any findings or recommendations that
    the report puts forward regarding the concepts covered in the report. Overall, the conclusions
    section reminds the reader what the paper has been about.

  4. References
    It is expected that you use 10 external references in the relevant subject area based on your readings
    and further research. Make sure to use more academic related references (e.g. Journal Articles,
    Book Chapters, etc.). It is essential that you use and focus on APA Referencing Style (APA 6th
    Edition) for referencing.

    IMPORTANT NOTES:
    • Please submit ONE WORD DOCUMENT ( OR x) via the MIS607 Assessment 2 submission line on your MIS607 Blackboard page.
    • Please make sure to use font Arial or Calibri 11 point, line spacing 1.5 and insert page numbers on the bottom of each page.
    • MIS607 Assessment 2 is an “individual” assessment and should be submitted by 11:55 PM AEST Sunday of Week 7 (End of Module 4.1)
    • This Assessment should be Maximum 1500 Words (+/- 10%) and is 35% of the final mark.
    • The Cover Page, Academic Declaration Paragraph, and References are not included in the word count.
    • All Figures/Tables require being labelled and numbered appropriately (e.g. Table 1….., Table 2……).
    • All Figures/Tables require being initially introduced and then discussed in-detail and in-depth.
    • The sources for the used information within the Figures/Tables require being clearly inserted.
    • Please make sure to review the MIS607 Assessment 2 Brief and the Marking Rubric and be in touch if any further clarification is required.


    MIS607 Cybersecurity

    Threat Model Report

    Student Name: Satyanarayana Maradapa

    Student ID: 00305759T

    Lecturer: Dr Shahrzad Saremi

    Trimester 3 (2020)

    Academic Integrity Declaration

    I declare that, except where I have referenced, the work I am submitting for this assessment task is my own work. I have read and am aware of the Torrens University Australia Academic Integrity Policy and Procedure viewable online at http://www.torrens.edu.au/policies-and-forms. I am aware that I need to keep a copy of all submitted material and their drafts, and I will do so accordingly.

    Contents
    Introduction
    Key objectives of computer security
    Cyber Threats
    Threat Modelling
    Cryptography
    Authentication
    Real-Time Cyber Threat Detection and Mitigation
    Intrusion Detection System
    Intrusion Prevention System
    Data Flow Diagram
    Conclusion
    References

    List of Figures
    Figure 1: Types of Cyber Threats
    Figure 2: Threat Modelling
    Figure 3: Stride stages
    Figure 4: Characteristics of Cryptography
    Figure 5: Cryptography
    Figure 6: Types of Authentication
    Figure 7: Intrusion Detection System
    Figure 8: Intrusion Prevention System
    Figure 10: Context Diagram
    Figure 11: Data Flow Diagram

    List of Tables
    Table 1: Data Flow Table

    Introduction

    Cybersecurity provides features and services that protect systems, devices, networks, and data from the malicious attacks that attackers or hackers carry out to steal data and harm B&C Insurance. With the help of the internet, every system in a company or organization becomes digitized, which means that all business processes depend on the internet. As systems become more advanced, the threats and risks increase as well, and the concept of cybersecurity was introduced to prevent these threats. This section discusses various types of threats and their prevention in order to enhance the security of Business & Communication Insurance.

    Key objectives of computer security

    1. Confidentiality

    Confidentiality here refers to the security of the data, achieved by eliminating unauthorized and illegal access by attackers. Business & Communication Insurance improves the security of its data through actions such as encryption and authentication.

    2. Integrity

    Integrity here refers to the security of the data by protecting the data from accidental and unauthorized change. It helps to maintain the accuracy, validity, and consistency of the system (Lites, 2019).

    3. Availability

    Availability here refers to the availability of the data and resources to the users and the system.

    Some further critical factors play a significant role in cybersecurity and are described below:

    1. Asset

    An asset is data or information that is very valuable to the organization.

    2. Vulnerability

    A vulnerability is a weakness that cyber attackers use to damage the data of the organization (Minnaar, 2016).

    3. Threat

    A threat is the way in which cyber attackers attack the assets of the company or organization.

    4. Risk

    Risk is a kind of attack that is performed by cyber attackers. If it occurs, it will cause damage to assets.

    5. Countermeasure

    A countermeasure is a security protection that is usually designed to eliminate risks, vulnerabilities, and threats.

    Cyber Threats

    Cyber threats are malicious attacks carried out by individuals or attackers to harm or disrupt the data or information present in a computer network or system. These attacks are carried out to steal an organization's sensitive data. They also involve unauthorized attempts to access files in organizations like B&C Insurance (Parn & Edwards, 2019). Common cyber-attacks include malware, denial of service, and phishing, and they can be classified as follows:

    Figure 1: Types of Cyber Threats
    (Source: Author)
    Software Attack: Software attacks are malicious attacks that harm the computer or system in order to steal data or information associated with B&C Insurance. Software used in such attacks includes Trojan horses, ransomware, and viruses.
    Web Attack: If severe weaknesses and vulnerabilities are present in the system, they allow attackers or criminals to illegally access the database and steal B&C Insurance's sensitive data or information.
    Network Attack: This is unauthorized or illegal access to the network of B&C Insurance. The main aim of a network attack is to steal valuable data or information with the help of malicious activity (Sapienza et al., 2017).
    Hardware Attack: If severe weaknesses and vulnerabilities are present in the system, they allow attackers or criminals to attack the system's hardware through remote or physical access.

    Threat Modelling
    Threat modelling is a process of enhancing the security of the network by knowing its objectives and issues. It defines countermeasures that reduce the threats to the system. The stages of threat modelling for B&C Insurance are given below:

    Figure 2: Threat Modelling
    (Source: Author)
    To deal with cybercrime or attacks, an organization like B&C Insurance can use various approaches, such as STRIDE, Attack Tree, CVSS, DREAD, and Trike (Desmet et al., 2016). STRIDE is the most common methodology; it was developed by Microsoft for threat modelling and has six stages, which are given below:

    Figure 3: Stride stages
    (Source: Author)

    Cryptography
    Cryptography is a process used to secure information, data, and communications through codes that are not understandable by humans (Whiteman & Corps, 2020). These codes are machine codes and can only be understood by the receiver (Shree, 2017). Some of the characteristics of cryptography are:

    Figure 4: Characteristics of Cryptography
    (Source: Author)

    Figure 5: Cryptography
    (Source: Author)

    Authentication
    Authentication is the process of identifying a user's identity. It is done with the help of credentials and helps to make the system secure. The different types of authentication are given below:

    Figure 6: Types of Authentication
    (Source: Author)

    Real-Time Cyber Threat Detection and Mitigation

    Intrusion Detection System
    An Intrusion Detection System (IDS) is a device used to monitor or audit malicious and harmful activities on the network or system and to respond to you when it detects any kind of attack (Vigneswaran et al., 2018).

    Figure 7: Intrusion Detection System
    Source: (Vigneswaran, et al. 2018)

    Intrusion Prevention System
    An Intrusion Prevention System (IPS) is a device used to monitor or audit malicious and harmful activities on the network or system and to prevent these attacks (Yılmaz & Gönen, 2018).

    Figure 8: Intrusion Prevention System
    Source: (Novokhrestov, 2020)
    Data Flow Table

    Table 1: Data Flow Table

    External Entity | Data flow | Function | Data storage
    Customer | Vehicle Reservation | Search availability, Book Vehicle, Cancel booking | Device Response
    Receptionist | Vehicle Reservation | Check Availability | Device Response, Device Request, Update Request
    Manager | Vehicle Reservation | Vehicle service, Vehicle availability, book Vehicle | Device Response, Device Request, Update Request
    Hr Admin | Vehicle Reservation | Hr portal, hiring staff | Device Response, Device Request, Update Request

    Figure 10: Context Diagram
    (Source: Author)

    Data Flow Diagram

    Figure 11: Data Flow Diagram
    (Source: Author)
    The diagram shown above represents the data flow diagram for the project Vehicle availability for B&C Insurance. In this diagram, the work is represented by oval shapes, rectangular boxes indicate the entities, and the arrows between the components represent the data flow.
    Elements used in the data flow diagram:
    1. Service Availability: First, the customer or user searches for the availability of vehicles so that they can rent a vehicle for their work and use this service smoothly.
    2. Check updates: Here the manager checks the availability of the vehicle according to the requirement of the user or customer and, if there is any update, informs the user or customer.
    3. Vehicle Service: Vehicle service is provided to the customer or user for rent according to their requirements.
    4. HR Portal: This portal is made for the user or customer to request the service; if they have any query, they can ask it there.
    5. Vehicle Booking: If the client wants to book a vehicle or rent the service, they can make the booking here.
    6. Cancel Booking: This feature lets the customer cancel a booking they no longer want. Clients who book vehicles have the opportunity to cancel later if they change their plans.
    7. Vehicle Reservation: This is the process by which the customer or user reserves the vehicle. All of these services are given to the user on rent to make the user's task easy.

    Conclusion
    Cybersecurity provides facilities or services to protect systems, devices, networks, and data from various malicious attacks by attackers or hackers who steal data and harm the organization. With the help of the Internet, every system of a company such as Business & Communication Insurance goes digital. This means that all business processes depend on the Internet. It is easy to understand that dangers and risks also increase when systems are upgraded. Cybersecurity is responsible for providing secure network services to B&C Insurance to meet its business objectives. It improves production speed and business processes, and secures the company’s sensitive data. Many hazards affect the security of the company. Various types of risk and B&C Insurance issues are explained in this report. Threat modelling is the process of analyzing or improving the network’s security by knowing vulnerabilities and objectives, which helps eliminate the impact of threats on the system. Through this threat model report, organizations and companies can make their networks secure.

    References
    Desmet, L., Jacobs, B., Piessens, F., & Joosen, W. (2016). Threat modelling for web services based web applications. In Communications and multimedia security (pp. 131-144). Springer, Boston, MA.
    Lites, B. C. (2019). 03. Introduction to CyberSecurity (No. SAND2019-12329C). Sandia National Lab. (SNL-NM), Albuquerque, NM (United States).
    Minnaar, A. (2016). ‘Crackers’, cyberattacks and cybersecurity vulnerabilities: the difficulties in combatting the ‘new’ cybercriminals. Acta Criminologica: African Journal of Criminology & Victimology, 2016(Special Edition 2), 127-144.
    Novokhrestov, A., Konev, A., Shelupanov, A., & Buymov, A. (2020, March). Computer network threat modelling. In Journal of Physics Conference Series (Vol. 1488, p. 012002).
    Parn, E. A., & Edwards, D. (2019). Cyber threats confronting the digital built environment. Engineering, Construction and Architectural Management.
    Sapienza, A., Bessi, A., Damodaran, S., Shakarian, P., Lerman, K., & Ferrara, E. (2017, November). Early warnings of cyber threats in online discussions. In 2017 IEEE International Conference on Data Mining Workshops (ICDMW) (pp. 667-674). IEEE.
    Shree, D. (2017). A review on cryptography, attacks and cyber security. International Journal of Advanced Research in Computer Science, 8(5).
    Vigneswaran, K. R., Vinayakumar, R., Soman, K. P., & Poornachandran, P. (2018, July). Evaluating shallow and deep neural networks for network intrusion detection systems in cyber security. In 2018 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT) (pp. 1-6). IEEE.
    Whiteman, M., & Corps, N. T. I. R. (2020). Cybersecurity (CS 3550): Lecture 9-10: Data Protection & Cryptography.
    Yılmaz, E. N., & Gönen, S. (2018). Attack detection/prevention system against cyber-attack in industrial control systems. Computers & Security, 77, 94-105.

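    Labels recovered from the report's diagrams:
    Figure 1 (Types of Cyber Threats): Hardware Attack, Software Attack, Web Attack, Network Attack
    Figure 2 (Threat Modelling): Select the use case of an application; Construct a DFD (Data Flow Diagram); Investigation of IT risks; Analyse each risk
    Figure 3 (Stride stages): Spoofing, Tampering, Information Disclosure, Elevation of privilege, Denial of Service, Repudiation
    Figure 4 (Characteristics of Cryptography): Confidentiality, Integrity, Authentication, Non-repudiation
    Figure 6 (Types of Authentication): Point to Point Authentication Protocol, AAA Architecture Protocol, Kerberos, Web Authentication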

    2

    MIS

    6

    0

    7

    Cybersecurity

    Threat Model Report

    Student Name: Satyanarayana Maradapa

    Student ID: 0030

    5

    759T

    Lecturer: Dr Shahrzad Saremi

    Trimester 3 (2020)

    Academic Integrity Declaration

    I declare that, except where I have referenced, the work I am submitting for this assessment task is my own work. I have read and am aware of the Torrens University Australia Academic Integrity Policy and procedure viewable online at http://www.torrens.edu.au/policies-and-forms. I am aware that I need to keep a copy of all submitted material and their drafts, and I will do so accordingly.

    Contents

    Introduction
    Key objectives of computer security
    Cyber Threats
    Threat Modelling
    Cryptography
    Authentication
    Real-Time Cyber Threat Detection and Mitigation
    Intrusion Detection System
    Intrusion Prevention System
    Data Flow Diagram
    Conclusion
    References

    List of Figures

    Figure 1: Types of Cyber Threats
    Figure 2: Threat Modelling
    Figure 3: Stride stages
    Figure 4: Characteristics of Cryptography
    Figure 5: Cryptography
    Figure 6: Types of Authentication
    Figure 7: Intrusion Detection System
    Figure 8: Intrusion Prevention System
    Figure 10: Context Diagram
    Figure 11: Data Flow Diagram

    List of Tables

    Table 1: Data Flow Table

    Introduction

    Cybersecurity provides features and services that protect systems, devices, networks, and data from malicious attacks by attackers or hackers who aim to steal data and harm B&C Insurance. With the help of the internet, every system in a company or organization becomes digitized, which means that all business processes depend on the internet. As systems become more advanced, the threats and risks increase as well, and the concept of cybersecurity was introduced to prevent these threats. This section discusses various types of threats and their prevention in order to enhance the security of Business & Communication Insurance.

    Key objectives of computer security

    1. Confidentiality

    Confidentiality here refers to the security of the data by eliminating unauthorized and illegal access by attackers. The data's security is improved by giving attention to measures taken by Business & Communication Insurance, such as encryption and authentication.

    2. Integrity

    Integrity here refers to the security of the data by protecting the data from accidental and unauthorized change. It helps to maintain the accuracy, validity, and consistency of the system (Lites, 2019).

    3. Availability

    Availability here refers to the availability of the data and resources to the users and the system.

    Some further critical factors play a significant role in cybersecurity and are described below:

    1. Asset

    An asset is data or information that is very valuable to the organization.

    2. Vulnerability

    A vulnerability is a weakness that cyber attackers use to damage the data of the organization (Minnaar, 2016).

    3. Threat

    A threat is the means that cyber attackers use to attack the assets of the company or organization.

    4. Risk

    Risk is a kind of attack performed by cyber attackers. If it occurs, it will cause damage to assets.

    5. Countermeasure

    A countermeasure is a security protection that is usually designed to eliminate risks, vulnerabilities, and threats.

    Cyber Threats

    Cyber threats are malicious attacks carried out by individuals or attackers to harm or disrupt the data or information present in a computer network or system. These attacks occur in order to steal the organization's sensitive data. They also involve unauthorized attempts to access files in organizations like B&C Insurance (Parn & Edwards, 2019). Common cyber-attacks include malware, denial of service, and phishing attacks, and they can be classified as given below:

    Figure 1: Types of Cyber Threats
    (Source: Author)
    Software Attack: Software attacks are malicious attacks that harm the computer or system in order to steal company data or information associated with B&C Insurance. Software used in such attacks includes Trojan horses, ransomware, and viruses.
    Web Attack: If severe weaknesses and vulnerabilities are present in the system, they allow attackers or criminals to illegally access the database and steal B&C Insurance's sensitive data or information.
    Network Attack: This is unauthorized or illegal access to the network of B&C Insurance. The main aim of a network attack is to steal valuable data or information with the help of malicious activity (Sapienza, et al. 2017).
    Hardware Attack: If severe weaknesses and vulnerabilities are present in the system, they allow attackers or criminals to attack the system's hardware through remote or physical access.

    Threat Modelling
    Threat modelling is a process of enhancing the security of the network by knowing the objectives and issues. Countermeasures are then defined through threat modelling to reduce the threats to the system. The stages of threat modelling for B&C Insurance are given below:

    Figure 2: Threat Modelling
    (Source: Author)
    Organizations like B&C Insurance need to deal with cybercrime, and several approaches are used for this, such as Stride, Attack Tree, CVSS, Dread, and Trike (Desmet, et al. 2016). Stride is the most common methodology; it was developed by Microsoft for threat modelling and has six stages, which are given below:

    Figure 3: Stride stages
    (Source: Author)

    Cryptography
    Cryptography is a process used to secure information, data, and communications through codes that are not understandable by humans (Whiteman & Corps, 2020). These codes are machine codes and can only be understood by the receiver (Shree, 2017). Some of the characteristics of cryptography are:

    Figure 4: Characteristics of Cryptography
    (Source: Author)

    Figure 5: Cryptography
    (Source: Author)

    Authentication
    Authentication is a process of identifying a user's identity. It can be done with the help of credentials and helps to make the system secure. The different types of authentication are given below:

    Figure 6: Types of Authentication
    (Source: Author)

    Real-Time Cyber Threat Detection and Mitigation

    Intrusion Detection System
    An IDS, also known as an Intrusion Detection System, is a device used to monitor or audit malicious and harmful activities on the network or system and to respond to you when it detects any kind of attack (Vigneswaran, et al. 2018).

    Figure 7: Intrusion Detection System
    Source: (Vigneswaran, et al. 2018)

    Intrusion Prevention System
    IPS, also known as Intrusion Prevention System, is a device used to monitor or audit malicious and harmful activities on the network or system and prevent these attacks (Yılmaz & Gönen, 2018).

    Figure 8: Intrusion Prevention System
    Source: (Novokhrestov, 2020)
    Data Flow Table

    Table 1: Data Flow Table

    External Entity | Data flow | Function | Data storage
    Customer | Vehicle Reservation | Search availability, Book Vehicle, Cancel booking | Device Response
    Receptionist | Vehicle Reservation | Check Availability | Device Response, Device Request, Update Request
    Manager | Vehicle Reservation | Vehicle service, Vehicle availability, book Vehicle | Device Response, Device Request, Update Request
    Hr Admin | Vehicle Reservation | Hr portal, hiring staff | Device Response, Device Request, Update Request

    Figure 10: Context Diagram
    (Source: Author)

    Data Flow Diagram

    Figure 11: Data Flow Diagram
    (Source: Author)
    The diagram shown above represents the data flow diagram for the Vehicle availability project for B&C Insurance. In this diagram, the work is represented by ovals, rectangular boxes indicate the entities, and the arrows between the components represent the data flow.
    Elements used in the data flow diagram:
    1. Service Availability: First, the customer or user searches for the availability of vehicles so that they can rent a vehicle for their work and use this service smoothly.
    2. Check updates: Here the manager checks the availability of the vehicle according to the requirement of the user or customer and, if there is any update, informs the user or customer.
    3. Vehicle Service: Vehicle service is provided to the customer or user for rent according to their requirements.
    4. HR Portal: This portal is made for the user or customer to request the service; if they have any query, they can ask it there.
    5. Vehicle Booking: If the client wants to book a vehicle or take the service on rent, they can book it here.
    6. Cancel Booking: This feature lets the customer cancel a booking they no longer want. Clients who book vehicles have the opportunity to cancel later if they change their plans.
    7. Vehicle Reservation: This is the process of reserving the vehicle by the customer or user. All of these services are given to the user on rent to make the user's task easy.
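The report lists the Stride categories and the DFD elements but stops before the "Analyse each risk" stage. The following added example (not part of the original report) applies the STRIDE-per-element technique to the rows of Table 1. Treating each table column as one DFD element type, and giving each entity its own instance of the "Vehicle Reservation" flow, are assumptions made for the example.

```python
from collections import Counter

# STRIDE-per-element: threat categories that apply to each DFD element type.
S, T, R, I, D, E = ("Spoofing", "Tampering", "Repudiation", "Information Disclosure",
                    "Denial of Service", "Elevation of privilege")
STRIDE_PER_ELEMENT = {
    "external_entity": [S, R],
    "process": [S, T, R, I, D, E],
    "data_flow": [T, I, D],
    "data_store": [T, R, I, D],  # R applies when the store holds audit/log data
}

# Rows of Table 1: (external entity, data flow, functions, data storage).
ALL_STORES = ["Device Response", "Device Request", "Update Request"]
TABLE_1 = [
    ("Customer", "Vehicle Reservation",
     ["Search availability", "Book Vehicle", "Cancel booking"], ["Device Response"]),
    ("Receptionist", "Vehicle Reservation", ["Check Availability"], ALL_STORES),
    ("Manager", "Vehicle Reservation",
     ["Vehicle service", "Vehicle availability", "book Vehicle"], ALL_STORES),
    ("Hr Admin", "Vehicle Reservation", ["Hr portal", "hiring staff"], ALL_STORES),
]

def dfd_elements(rows):
    """Flatten the table into unique (element_type, name) pairs, in order."""
    seen = {}
    for entity, flow, functions, stores in rows:
        seen[("external_entity", entity)] = None
        # Assumption: each entity has its own instance of the named flow.
        seen[("data_flow", f"{entity} -> {flow}")] = None
        for fn in functions:  # "Book Vehicle" / "book Vehicle" are one process
            seen[("process", fn.lower())] = None
        for store in stores:
            seen[("data_store", store)] = None
    return list(seen)

def enumerate_threats(rows):
    """Return (element_type, element, STRIDE category) triples to analyse."""
    return [(kind, name, category)
            for kind, name in dfd_elements(rows)
            for category in STRIDE_PER_ELEMENT[kind]]

def summary(rows):
    """Count candidate threats per STRIDE category."""
    return Counter(category for _, _, category in enumerate_threats(rows))

if __name__ == "__main__":
    for kind, name, category in enumerate_threats(TABLE_1):
        print(f"{category:<24}{kind:<17}{name}")
    print(dict(summary(TABLE_1)))
```

Each triple is a question to answer during risk analysis (for example, how spoofing of the Customer entity is prevented), so the output is a checklist rather than a list of confirmed weaknesses.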

    Conclusion
    Cyberspace provides facilities or services to protect its systems, devices, networks, and data from various malicious attacks by attackers or hackers who steal data and harm the organization. With the help of the Internet, every system of a company such as Business & Communication Insurance goes digital. This means that all business processes depend on the Internet. It is easy to understand that the dangers and risks also increase when a system is upgraded. Cybersecurity is responsible for providing secure network services to B&C Insurance to meet its business objectives. It improves production speed and business processes, and secures the company's sensitive data. Many hazards affect the security of the company. Various types of risk and B&C Insurance issues are explained in this report. Threat modelling is the process of analyzing or improving the network's security by knowing vulnerabilities and objectives, which helps eliminate the impact of threats on the system. Through this threat model report, organizations and companies can more easily make their networks secure.

    References
    Desmet, L., Jacobs, B., Piessens, F., & Joosen, W. (2016). Threat modelling for web services based web applications. In Communications and multimedia security (pp. 131-144). Springer, Boston, MA.
    Lites, B. C. (2019). 03. Introduction to CyberSecurity (No. SAND2019-12329C). Sandia National Lab. (SNL-NM), Albuquerque, NM (United States).
    Minnaar, A. (2016). 'Crackers', cyberattacks and cybersecurity vulnerabilities: the difficulties in combatting the 'new' cybercriminals. Acta Criminologica: African Journal of Criminology & Victimology, 2016(Special Edition 2), 127-144.
    Novokhrestov, A., Konev, A., Shelupanov, A., & Buymov, A. (2020, March). Computer network threat modelling. In Journal of Physics Conference Series (Vol. 1488, p. 012002).
    Parn, E. A., & Edwards, D. (2019). Cyber threats confronting the digital built environment. Engineering, Construction and Architectural Management.
    Sapienza, A., Bessi, A., Damodaran, S., Shakarian, P., Lerman, K., & Ferrara, E. (2017, November). Early warnings of cyber threats in online discussions. In 2017 IEEE International Conference on Data Mining Workshops (ICDMW) (pp. 667-674). IEEE.
    Shree, D. (2017). A review on cryptography, attacks and cyber security. International Journal of Advanced Research in Computer Science, 8(5).
    Vigneswaran, K. R., Vinayakumar, R., Soman, K. P., & Poornachandran, P. (2018, July). Evaluating shallow and deep neural networks for network intrusion detection systems in cyber security. In 2018 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT) (pp. 1-6). IEEE.
    Whiteman, M., & Corps, N. T. I. R. (2020). Cybersecurity (CS 3550): Lecture 9-10: Data Protection & Cryptography.
    Yılmaz, E. N., & Gönen, S. (2018). Attack detection/prevention system against cyber-attack in industrial control systems. Computers & Security, 77, 94-105.

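    Diagram labels (text recovered from the figures):

    Figure 1, Types of Cyber Threats: Hardware Attack, Software Attack, Web Attack, Network Attack
    Figure 2, Threat Modelling: Select the use case of an application; Construct a DFD (Data Flow Diagram); Investigation of IT risks; Analyse each risk
    Figure 3, Stride stages: Spoofing, Tampering, Information Disclosure, Elevation of privilege, Denial of Service, Repudiation
    Figure 4, Characteristics of Cryptography: Confidentiality, Integrity, Authentication, Non-repudiation
    Figure 6, Types of Authentication: Point to Point Authentication Protocol, AAA Architecture Protocol, Kerberos, Web Authentication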
