etc r2

OriginalityReport.pdf

5/19/22, 8:08 PM Originality Report

https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=54a310bf-53d0-4273-809f-6091ec71507… 1/8

%75

SafeAssign Originality Report Summer 2022 - Emerging Threats & Countermeas (ITS-834-A04) - Fir… • Week 3 Research Paper

%75Total Score: High riskAnkitha Pagadala Submission UUID: 9506454a-edbe-1731-3328-248c37ce189a

Total Number of Reports

1 Highest Match

75 % week 3 research paper.docx

Average Match

75 % Submitted on

05/19/22 07:21 PM CDT

Average Word Count

1,327 Highest: week 3 research paper.docx

%75Attachment 1

Institutional database (12)

Student paper Student paper Student paper

Internet (1)

wikipedia

Top sources (3)

Excluded sources (0)

View Originality Report - Old Design

Word Count: 1,327 week 3 research paper.docx

3 7 4

2 11 5

12 8 13

10 6 9

3 Student paper 7 Student paper 4 Student paper

THREAT MODEL IN NURSING 1

THREAT MODEL IN NURSING 2

Threat model in nursing Ankitha Pagadala

ITS 834

Introduction

Due to technological advancement, healthcare technology utilizes advanced software to store, analyze, and retrieve sensitive customers during care delivery. However, the threat of data breaches by the black hat hackers is still a challenge that should be eradicated at any cost. The patients' critical information is moni-

tored by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Basile, Gaia & Sanders, 2020). The act can penalize an individual professional or the entire healthcare facility for up to one million USD for sharing or compromising the patients' information with a third party without the patient's consent. The CEO of a new healthcare facility has provided me with the responsibility and accountability for protecting the patients and organizational data. The research will identify the most effective threat model for implementation in a new healthcare facility to enhance data security. Threat modeling

A threat model is an activity in security system development that focuses on generating better and more secure applications. The procedure allows for the

identification of critical assets, the assessment of potential risks, and the creation of mitigation strategies. Threat modeling provides information on the most

likely attack trajectories, primary assets, and unnoticed attack vectors. A security risk is assigned to the identified risks, and essential assets are prioritized. According to the European Union Agency for Cybersecurity, anything that has value to the organization, its business activities, and its continuity, including information resources that serve its goal (Anwar, Nazir & Ansari, 2020). The technique can be used in a new healthcare institution to quickly identify confidentiality and security issues,

understand security demands, and implement more robust security systems. Security Risks and Rating

Authentication, access or authorization, and privacy are three major data security concerns for a new healthcare facility. The former refers to risks involving

2 3

4 3

https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport?attemptId=54a310bf-53d0-4273-809f-6091ec71507f&course_id=_148955_1&download=true&includeDeleted=true&print=true&force=true

5/19/22, 8:08 PM Originality Report

https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=54a310bf-53d0-4273-809f-6091ec71507… 2/8

a user's identity, implying that an attacker has access to the system. Possible concerns in this regard include the loss of user identities and login credentials and

the sharing of these credentials with family, friends, or healthcare professionals (Omotosho, Ayemlo Haruna & Mikail Olaniyi, 2019). As a result, sensitive patient

data is exposed, and data is tampered with. Potential implications are classified as high, medium, or low depending on how an organization's resources are allo-

cated. Threats associated with illegal access to healthcare systems are examples of recognizable hazards in terms of authorization and access. Interference

with data, increased authorization opportunities, and the disclosure of private information are all examples of access concerns. Insider attackers who desire more comprehensive access to system elements frequently face the second threat, which involves the advancement of privileges. Third, numerous privacy dangers exist, such as gaining access to personal data in storage or interfering with health information. An attack on a client's communication devices or electronic health sys-

tem servers could compromise critical information in storage. Human attackers can gain access to data that was not intended to be made public. The fol-

lowing table categorizes the identified threats for the future healthcare facility:

Descriptions Impact

Authentication

1 Loss of patients' sensitive information: sharing of login to the public either by leaking important information on the social media by leaving a file or a digital note Low

2 Patient's Identity threat: Data breach imposed by the computer system administrator Medium

3 Spoofing of identity: A patient providing sensitive log in to a third party such as black hat hackers through phishing attacks. High

Assess/Authorization

1 Accessibility of patients' information through common login details High

2 The internal attacks by care professionals and administration through unintentional and intentional modification Medium

3 Vulnerabilities in the administration interfaces that lead to malicious High

Privacy

1 Exposure of patient’s data through communication devices High

2 Exposure of patient’s data by losing the internet device Low

3 Poor internet control, thus exposing the data to black hat hackers Medium

Threats Modeling Techniques

Based on my analysis, the healthcare organization needs to consider the following technique: STRIDE, PASTA, and attack threes. STRIDE Spoofing,

Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege are all memory aids. By generating data-flow diagrams, the model

now contains new threat-centric tables and two alternatives, STRIDE-per-Interaction and STRIDE-per-Element. The model determines the system's sources, con-

ditions, and limitations. The methodology is now implemented as part of Microsoft's Security Development Lifecycle (SDL).

5 3

3 9

4 10

In terms of familiarity and implementation, it is less complicated. However, the methodology is time-consuming and fails to identify severe threats. PASTE

The name PASTA stands for Process for Attack Simulation and Threat Analysis, and it is a mechanism for aligning corporate goals with technical requirements.

The approach takes into account the necessity for impact assessment and compliance. It's a seven-phase process for analyzing dangers, with the results provid-

ing information on risk control, listing, and ranking. The methodology combines threat and impacts analysis with an attacker-focused perspective on potential dan- gers. By involving main stakeholders, the modeling approach considers both the application development process and the business strategy. Given the ex-

tensive training and instruction required, such alignment may limit the model's use. Attack Trees The use of this model is common in various applied techniques on a variety of systems. Attack trees, which were once used solely, are now integrated with other frameworks such as PASTA and STRIDE. The model is represented

by a tree root representing the attack's goal, while the leaves represent the means to achieve that goal. Different trees represent different goals, resulting in a

collection of attack trees. Security data administrators can develop the model to provide insight into related decisions, assess a specific type of threat, and un-

derstand the healthcare system's vulnerability. The disadvantages of attack trees are that they are difficult to design new and generic models, and there are no guide- lines for evaluating objectives and threats. Recommendations

Due to its relative advantages, STRIDE is the most preferred threat model for a new facility. It is simple to learn and apply, it is a leading mature methodol-

ogy, and it provides excellent documentation. The STRIDE model divides threats into six categories to identify the various risks that devices pose to the healthcare sys- tem. The framework identifies potential risks, which are then rated according to their severity (Kamal, Yen, Hui & Ling, 2020). As a result, countermeasures for

the three main threats to health data systems, authentication, access, and privacy, are being proposed. The framework is used to create data flow diagrams, de-

fine security assumptions, and identify system risks. The dotted lines demarcate the separation of authorization and access. The diagram below shows a

UML diagram for the new healthcare facility using a simplified STRIDE model. Conclusion

With the prevalence of new threats happening throughout an application's development lifetime, security specialists are faced with a critical necessity to choose

the correct threat modeling technique for their entity's specific concerns, given the changes in threat models over time. The healthcare data framework is upgraded using a threat model, protecting linked information from potential security threats such as patient information exposure, unauthorized access, and attackers altering patient data. The STRIDE technique is used in this study to mitigate risk and provide a set of options for adoption in a new healthcare institution.

References

3 7

11 7

11 4

5/19/22, 8:08 PM Originality Report

https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=54a310bf-53d0-4273-809f-6091ec71507… 3/8

Source Matches (45)

wikipedia 64%

Student paper 100%

Student paper 91%

Student paper 82%

Student paper 97%

Student paper 100%

Student paper 86%

Anwar, M. N., Nazir, M., & Ansari, A. M. (2020). Modeling security threats for smart cities: A stride-based approach. In Smart Cities—Opportunities and Challenges (pp. 387-396). Springer, Singapore. Basile, J. L., Gaia, J., & Sanders, G. L. (2020). Who Has My Data? Factors Contributing to HIPAA (Non) Compliant Behaviors. Journal of Strategic Innovation and Sustainability, 15(2), 83-108. Kamal, A. H. A., Yen, C. C. Y., Hui, G. J., & Ling, P. S. (2020). Risk Assessment, Threat Modeling, and

Security Testing in SDLC. arXiv preprint arXiv:2012.07226. Omotosho, A., Ayemlo Haruna, B., & Mikail Olaniyi, O. (2019). Threat modeling of internet of

things health devices. Journal of Applied Security Research, 14(1), 106-121.

12 12 12

13 4

Student paper

The patients'

Original source

"Public standards and patients'

Student paper

A threat model is an activity in security system development that focuses on generating better and more secure applications.

Original source

A threat model is an activity in security system development that focuses on generating better and more secure applications

Student paper

The procedure allows for the identification of critical assets, the assessment of potential risks, and the creation of mitigation strategies.

Original source

The procedure allows for the identification of critical assets, the assessment of potential hazards, and the creation of mitigation strategies

Student paper

Threat modeling provides information on the most likely attack trajectories, primary as- sets, and unnoticed attack vectors. A security risk is assigned to the identified risks, and essential assets are prioritized. According to the European Union Agency for Cybersecurity, anything that has value to the organization, its business activities, and its continuity, including information resources that serve its goal (Anwar, Nazir & Ansari, 2020).

Original source

Threat modelling provides information on the most likely attack trajectories, main assets, and unnoticed assault vectors A security risk is assigned to the identified risks, and essen- tial assets are prioritized According to the European Union Agency for Cybersecurity, an asset is everything of value to the organization, its business activities, and their continuity, such as information resources that support the organization's goal

Student paper

The technique can be used in a new healthcare institution to quickly identify confidential- ity and security issues, understand security demands, and implement more robust secu- rity systems.

Original source

The technique may be used in a new healthcare institution to quickly identify confiden- tiality and security issues, understand security demands, and implement more robust se- curity systems

Student paper

Security Risks and Rating

Original source

Security Risks and Rating

Student paper

Authentication, access or authorization, and privacy are three major data security con- cerns for a new healthcare facility.

Original source

Three main data security risks are authentication, access or authorization, and privacy for a new healthcare facility

5/19/22, 8:08 PM Originality Report

https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=54a310bf-53d0-4273-809f-6091ec71507… 4/8

Student paper 100%

Student paper 75%

Student paper 79%

Student paper 100%

Student paper 65%

Student paper 83%

Student paper 73%

Student paper 80%

Student paper 74%

Student paper

The former refers to risks involving a user's identity, implying that an attacker has access to the system.

Original source

The former refers to risks involving a user's identity, implying that an attacker has access to the system

Student paper

Possible concerns in this regard include the loss of user identities and login credentials and the sharing of these credentials with family, friends, or healthcare professionals (Omotosho, Ayemlo Haruna & Mikail Olaniyi, 2019).

Original source

Loss of user identities and login credentials, as well as sharing of these credentials with family, friends, or healthcare professionals, are all possible issues in this regard

Student paper

As a result, sensitive patient data is exposed, and data is tampered with.

Original source

As a result, sensitive patient information is revealed, and data is tampered with

Student paper

Potential implications are classified as high, medium, or low depending on how an organization's resources are allocated.

Original source

Potential implications are classified as high, medium, or low depending on how an organization's resources are allocated

Student paper

Threats associated with illegal access to healthcare systems are examples of recognizable hazards in terms of authorization and access.

Original source

Unauthorized access to healthcare systems is one of the identified threats in terms of au- thorization and access

Student paper

Interference with data, increased authorization opportunities, and the disclosure of pri- vate information are all examples of access concerns. Insider attackers who desire more comprehensive access to system elements frequently face the second threat, which in- volves the advancement of privileges. Third, numerous privacy dangers exist, such as gaining access to personal data in storage or interfering with health information.

Original source

Interference with data, advancement of authorization opportunities, and disclosure of private information are all examples of access hazards Insider attackers who want more access to system elements often face the second danger, which involves the advance- ment of privileges Third, numerous privacy dangers exist, such as gaining access to per- sonal data in storage and tampering with health data

Student paper

An attack on a client's communication devices or electronic health system servers could compromise critical information in storage.

Original source

An attack on documents stored on the client's communication devices or on the servers of an electronic health system may compromise sensitive data in storage

Student paper

Human attackers can gain access to data that was not intended to be made public.

Original source

Human attackers have access to information that was not intended to be made public

Student paper

The following table categorizes the identified threats for the future healthcare facility:

Original source

following table categorizes the identified dangers for future healthcare institutions

5/19/22, 8:08 PM Originality Report

https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=54a310bf-53d0-4273-809f-6091ec71507… 5/8

Student paper 62%

Student paper 63%

Student paper 77%

Student paper 74%

Student paper 89%

Student paper 100%

Student paper 71%

Student paper 92%

Student paper 77%

Student paper

3 Spoofing of identity:

Original source

c) Identity Spoofing

Student paper

2 The internal attacks by care professionals and administration through unintentional and intentional modification Medium 3 Vulnerabilities in the administration interfaces that lead to malicious High

Original source

Data interference through intentional or unintentional modification of data by internal at- tackers such as admins or care professionals Medium Malicious attacks to administration interfaces High

Student paper

Threats Modeling Techniques

Original source

Modeling of Threats

Student paper

STRIDE, PASTA, and attack threes.

Original source

attack trees, PASTA, and STRIDE

Student paper

STRIDE Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege are all memory aids.

Original source

• STRIDE – Spoofing, Tampering, Repudiation, Information Disclosure, Denial-of Service, and Elevation of Privilege

Student paper

By generating data-flow diagrams, the model now contains new threat-centric tables and two alternatives, STRIDE-per-Interaction and STRIDE-per-Element.

Original source

By generating data-flow diagrams, the model now contains new threat-centric tables and two alternatives, STRIDE-per-Interaction and STRIDE-per-Element

Student paper

The model determines the system's sources, conditions, and limitations.

Original source

The model is used to figure out the system's sources, conditions, and limitations

Student paper

The methodology is now implemented as part of Microsoft's Security Development Lifecycle (SDL). In terms of familiarity and implementation, it is less complicated.

Original source

The methodology is now implemented as part of Microsoft's Security Development Lifecycle (S.D.L.) In terms of familiarity and implementation, it is less complicated

Student paper

However, the methodology is time-consuming and fails to identify severe threats.

Original source

However, the model fails to identify significant threats, and is time-consuming

5/19/22, 8:08 PM Originality Report

https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=54a310bf-53d0-4273-809f-6091ec71507… 6/8

Student paper 100%

Student paper 92%

Student paper 86%

Student paper 82%

Student paper 88%

Student paper 85%

Student paper 100%

Student paper

The approach takes into account the necessity for impact assessment and compliance.

Original source

The approach takes into account the necessity for impact assessment and compliance

Student paper

It's a seven-phase process for analyzing dangers, with the results providing information on risk control, listing, and ranking.

Original source

It's a seven-phase process for analyzing dangers, with the results providing information on risk control, listing, and rating

Student paper

By involving main stakeholders, the modeling approach considers both the application development process and the business strategy.

Original source

By including the main stakeholders, the modeling approach considers both the applica- tion development process and the business strategy

Student paper

Given the extensive training and instruction required, such alignment may limit the model's use. Attack Trees The use of this model is common in various applied techniques on a variety of systems.

Original source

Given the extensive training and instruction necessary, such alignment may limit the model's use ATTACK TREES The use of this model is frequent in a variety of applied tech- niques on a range of systems

Student paper

Attack trees, which were once used solely, are now integrated with other frameworks such as PASTA and STRIDE. The model is represented by a tree root representing the attack's goal, while the leaves represent the means to achieve that goal.

Original source

Attack trees, which were once used solely, are now combined with other systems such as PASTA and STRIDE (Juuso, 2019) The model is represented by a tree root that represents the attack's goal, while the leaves represent the means to achieve that goal (Juuso, 2019)

Student paper

Different trees represent different goals, resulting in a collection of attack trees.

Original source

Different trees represent different goals, resulting in a collection of assault trees

Student paper

Security data administrators can develop the model to provide insight into related deci- sions, assess a specific type of threat, and understand the healthcare system's vulnerabil- ity. The disadvantages of attack trees are that they are difficult to design new and generic models, and there are no guidelines for evaluating objectives and threats.

Original source

Security data administrators can develop the model to provide insight into related deci- sions, assess a particular kind of threat, and understand the healthcare system's vulnera- bility The drawbacks of attack trees is that new and generic models are complex to de- sign, and there are no guidelines for evaluating objectives and threats (Juuso, 2019)

Student paper

Due to its relative advantages, STRIDE is the most preferred threat model for a new facility.

Original source

Due to its relative advantages, STRIDE is the most preferred threat model for a new facility

5/19/22, 8:08 PM Originality Report

https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=54a310bf-53d0-4273-809f-6091ec71507… 7/8

Student paper 80%

Student paper 92%

Student paper 100%

Student paper 84%

Student paper 89%

Student paper 100%

Student paper

It is simple to learn and apply, it is a leading mature methodology, and it provides excel- lent documentation. The STRIDE model divides threats into six categories to identify the various risks that devices pose to the healthcare system.

Original source

It is simple to learn and deploy, it is a leading mature technique, and it provides excellent documentation The STRIDE model divides threats into six categories in order to identify the many dangers that gadgets pose to the healthcare system

Student paper

As a result, countermeasures for the three main threats to health data systems, authenti- cation, access, and privacy, are being proposed.

Original source

As a result, countermeasures for the three main vulnerabilities to health data systems, authentication, access, and privacy, are being proposed

Student paper

The framework is used to create data flow diagrams, define security assumptions, and identify system risks.

Original source

The framework is used to define security assumptions, create data flow diagrams, and identify system risks

Student paper

The dotted lines demarcate the separation of authorization and access.

Original source

The dotted lines demarcate the separation of authorization and access

Student paper

The diagram below shows a UML diagram for the new healthcare facility using a simpli- fied STRIDE model.

Original source

The diagram below shows a UML diagram applying a simplified SRTIDE model for the new healthcare facility

Student paper

With the prevalence of new threats happening throughout an application's development lifetime, security specialists are faced with a critical necessity to choose the correct threat modeling technique for their entity's specific concerns, given the changes in threat mod- els over time. The healthcare data framework is upgraded using a threat model, protect- ing linked information from potential security threats such as patient information expo- sure, unauthorized access, and attackers altering patient data. The STRIDE technique is used in this study to mitigate risk and provide a set of options for adoption in a new healthcare institution.

Original source

With the frequency of new threats happening during an application's development life- time, security specialists are confronted with a critical necessity to choose the correct threat modeling approach for their entity's unique concerns, given the changes in threat models over time The healthcare data framework is upgraded using a threat model, pro- tecting linked information from possible security risks such as patient information expo- sure, illegal access, and attackers altering patient data The STRIDE technique is used in this research to mitigate risk and provide a set of options for adoption in a new health- care institution

Student paper

A., Yen, C.

Original source

A., Yen, C

Student paper

Y., Hui, G. J., & Ling, P.

Original source

Y., Hui, G J., & Ling, P

5/19/22, 8:08 PM Originality Report

https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?attemptId=54a310bf-53d0-4273-809f-6091ec71507… 8/8

Student paper 100%

Student paper

Risk Assessment, Threat Modeling, and Security Testing in SDLC. arXiv preprint arXiv:2012.07226.

Original source

Risk Assessment, Threat Modeling and Security Testing in SDLC arXiv preprint arXiv:2012.07226

Student paper

Omotosho, A., Ayemlo Haruna, B., & Mikail Olaniyi, O.

Original source

Omotosho, A., Ayemlo Haruna, B., & Mikail Olaniyi, O

Student paper

Threat modeling of internet of things health devices.

Original source

Threat modeling of internet of things health devices

Student paper

Journal of Applied Security Research, 14(1), 106-121.

Original source

Journal of Applied Security Research, 14(1), 106-121