ET WK6 paper

profiletina11689
paperreport.pdf
Home>Computer Science homework help>ET WK6 paper

%93

%4

%2

%1

SafeAssign Originality Report Fall 2020 - Emerging Threats & Countermeas (ITS-834-M4… • Week 6 Research Paper

%100Total Score: High riskSruthi Dhadvai Submission UUID: c7dbb6ca-41ed-3d54-7ec3-4a3b18f18021

Total Number of Rep…

1 Highest Match

100 % ThreatModelsinHealthCar…

Average Match

100 % Submitted on

10/01/20 05:17 PM EDT

Average Word Count

1,265 Highest: ThreatModelsinH…

%100Attachment 1

Institutional database (4)

Stud… Stud… My p…

Stud…

Internet (3)

com haide… rmus…

Global database (3)

Stud… Stud… Stud…

Scholarly journals & publications (1)

ProQ…

Top sources (3)

Excluded sources (0)

View Originality Report - Old Design

Word Count: 1,265

ThreatModelsinHealthCareFacilityPaper.docx

2 3 4

6

8 5 1

11 10 7

9

2 Stud… 3 Stud… 8 com

Running Head: THREAT MODELING 1

THREAT MODELING 6

Threat Models in Health Care Facility

Sruthi Dhadvai

University of the Cumberlands

Emerging Threats & Countermeasures (ITS-834-M41) (Fall 2020) Full Term Date

Threat Models in Health Care Facility

The e-health structures is familiar for empowering the social movement of protection and security of the board's records because of locking of workplaces to prepare for the flood of the general population needing emotional organization of therapeutic administrations. The e-health systems have affected improved cycles of work taking everything into account, with providers and the expanded number of patients getting to the fundamental human administrations by guaranteeing smooth and justifiable strategies which can be subject to partner the patients with the associations of medical care experts, (Ahsan & Rahman, 2017). The threat

modeling in this perspective is the act through which the potential risks and alleviations of security are recognized and organized to impact a significant worth, for instance, the privacy of information and innovation protection. Some of the threat models include; dread threat model, stride threat model, and trike threat model. In this paper I ill be discussing three threat modeling systems and clearly analyze them to provide for the most effective model. Example of threats that can occur in a healthcare sector is on the x-ray

machine that has a very low defence mechanism against intruders and which can be hacked easly.

DREAD Threat Modeling

DREAD framework refers to a structure concerned with surveying the security threats of a PC with a recent utilization in Microsoft and though that has a current usage in Open Mass and various organizations, with a study from the makers. The model assists minds in rating the security threats and hazards while utilizing fi classifications. Such classifications include; damage, reproducibility, exploitability, the clients affected, and discoverability. While the loss is all about how awful the results of the attack are, the factor of reproducibility focuses on how simple is the recreation of the attack in this context (Singhal & Banati, 2013). However, exploitability targets the amount of work done in dispatching the attack. Besides, the number of individuals affected by the crime is necessary, with the discoverability concerning the ease of finding the risks that potentially occur. Generally, the five initials in the model give the origin of the name DREAD model. The model was initially meant for displaying dangers, but the evaluations were found to be unpredictable and presented with a liability to the discussion. The model was among those utilized by Microsoft 2008, (Collyer, 2018). During the evaluation of dangers using the DREAD model, the entire classifications are rated from one to the total number of assessments of a particular issue that is applied when organizing other matters. According to most security specialists, the inclusion of the "discoverability" to represent the last D is found to be rewarding, by lack of definition with a few associations moving to

DREAD-D scale.

STRIDE Threat Modeling

The STRIDE model of dangers was created by Praerit Garg and Loren Kohnfelder for application in recognition of threats to PC Microsoft. The model classifies the target dangers into six classes: · Spoofing · Tampering · Rejection · Information disclosure ·

Denial of service · Elevation of privilege

The STRIDE model was initially made as an essential feature of displaying procedure for the security threats in PC. The model

is useful when helping reason and discovering the dangers within a PC in the framework. The utilization of the model is related to the physical structure that can equally be built. Therefore, the model incorporates the failure of entire procedures, stores for information, information streams, and the trust limits. All the dangers are perceived as breach for the attractive properties of the framework, (Fatima, et al, 2019) 1. Threat; it is the property of desire that he model targets. 1. Spoofing; refers to

Authenticity as a way of ensuring robust security. 1. Tampering; this denotes the integrity of the model. 1. Repudiation;

the framework is non-repudiable. 1. Information disclosure; this is the confidentiality of the network to availing sensitive

information to unauthorized hands. 1. Denial of Service; this is how readily the services are available. 1. "Elevation of

Privilege"; this all about authorization.

TRIKE Threat Modeling

TRIKE model is a particular threat modeling technique, which is an open-source process of displaying the threats with a lot of focus on the fulfillment of the process of examining the digital risks from the board perspective. The model can give a danger basing their approach on the extremely used methodology and a demonstration process for the hazards, (Jain & Ajmera, 2018). The TRIKE threat modeling is a necessity model guaranteeing chosen levels of the risks for well-intentioned benefits to various partners. Subsequently, the model makes the stream charts for the information, with the framework engineers making the outlines to the information streams to impart the manner of moving of the framework as well as stores and information controls.

1

2

3

4

2

2

2

5

2

2 2

2 2

2

2 2

Source Matches (35)

rmusser 64%

Student paper 100%

Student paper 100%

My paper 100%

The model contained four components; · Information stores · Forms · Information streams · Interactors

Analysis

Although the entire methods seem to have great approaches, all of them are not ideal. First of all, the DREAD model has low

ratings with simple questions that are put on it credibly, and it seems to drop from Microsoft. The simple questions tent not to display all the necessary information to assess the threat effectively. TRIKE needs the designer to be careful while holding the

complete system for conducting an analysis of the search surfaces, which is challenging when it comes to large orders, this model can only be effective in small and mobile healthcare sectors. TRIKE model has several layers that requires a heavy investment of resources to develop it. More so, the model leaves unfinished data at the different levels of its application. The big health care

systems require a quality scale of 100 or 1000 threat model, which is a viable option, but when choosing one model, then STRIDE threat model is the best. The STRIDE model can be summarized to have a sole objective of development, meant to overcome the weaknesses associated with the other threat models. The model is well documented, owns a technology giant Microsoft Corporation, and is time tested. The application of STRIDE model does not prevent other models to be used in the healthcare sector making it more appropriate to be used. Despite of some disadvantages like not taking technical defense into the system as well as requiring a high level of competence in order to use it, it still stands out to be the best model to be used as compared to the other

two I have discussed above, (Spanakis, et al, 2020).

STRIDE Threat Model

HOSPITAL

Request response ADMIN

PATIENTS

Response request

Request Response

ANONIMOUS USERS

References

Ahsan, K., & Rahman, S. (2017). Green public procurement implementation challenges in Australian public healthcare

sector. Journal of Cleaner Production, 152, 181-197. Collyer, F. (2018). Envisaging the healthcare sector as a field: Moving from

Talcott Parsons to Pierre Bourdieu. Social Theory & Health, 16(2), 111-126. Fatima, K., Nawaz, S., & Mehrban, S. (2019, November). Biometric Authentication in Health Care Sector: A Survey. In 2019 International Conference on Innovative Computing (ICIC) (pp. 1- 10). IEEE. Jain, V., & Ajmera, P. (2018). Modelling the factors affecting Indian medical tourism sector using interpretive

structural modeling. Benchmarking: An International Journal. Spanakis, E. G., Bonomi, S., Sfakianakis, S., Santucci, G.,

Lenti, S., Sorella, M.,... & Magalini, S. (2020, July). Cyber-attacks and threats for healthcare–a multi-layer thread analysis. In 2020

42nd Annual International Conference of the IEEE Engineering in Medicine & Biology Society (EMBC) (pp. 5705-5708). IEEE.

2

2

2

2

6

7 8

9

10 11

10 3

3

1

Student paper

THREAT MODELING 1 THREAT MODELING 6

Original source

Threat Modeling Book Threat Modeling Book

2

Student paper

Threat Models in Health Care Facility

Original source

Threat Models in Health Care Facility

3

Student paper

University of the Cumberlands

Original source

University of Cumberlands

4

Student paper

Emerging Threats & Countermeasures (ITS-834-M41) (Fall 2020) Full Term Date

Original source

Emerging Threats & Countermeasures (ITS-834-M41) (Fall 2020) Full Term Date

Student paper 100%

Student paper 100%

Student paper 97%

Student paper 99%

Student paper 95%

Student paper 100%

Student paper 100%

haiderm 88%

2

Student paper

Threat Models in Health Care Facility

Original source

Threat Models in Health Care Facility

2

Student paper

The threat modeling in this perspective is the act through which the potential risks and alleviations of security are recognized and organized to impact a significant worth, for instance, the privacy of information and innovation protection. Some of the threat models include; dread threat model, stride threat model, and trike threat model.

Original source

The threat modeling in this perspective is the act through which the potential risks and alleviations of security are recognized and organized to impact a significant worth, for instance, the privacy of information and innovation protection Some of the threat models include dread threat model, stride threat model, and trike threat model

2

Student paper

DREAD Threat Modeling DREAD framework refers to a structure concerned with surveying the security threats of a PC with a recent utilization in Microsoft and though that has a current usage in Open Mass and various organizations, with a study from the makers. The model assists minds in rating the security threats and hazards while utilizing fi classifications. Such classifications include;

Original source

DREAD Threat Modeling DREAD framework refers to a structure concerned with surveying the security threats of a PC with a recent utilization in Microsoft and albeit that has a current usage in Open Stack and various organizations, with a dissertation from the makers The model assists minds in rating the security threats and hazards while utilizing fi classifications Such classifications include

2

Student paper

damage, reproducibility, exploitability, the clients affected, and discoverability. While the loss is all about how awful the results of the attack are, the factor of reproducibility focuses on how simple is the recreation of the attack in this context (Singhal & Banati, 2013). However, exploitability targets the amount of work done in dispatching the attack. Besides, the number of individuals affected by the crime is necessary, with the discoverability concerning the ease of finding the risks that potentially occur.

Original source

damage, reproducibility, exploitability, the clients affected, and discoverability While the loss is all about how awful the results of the assault are, the factor of reproducibility focuses on how simple is the recreation of the attack in this context (Singhal & Banati, 2013) However, exploitability targets the amount of work done in dispatching the attack Besides, the number of individuals affected by the crime is necessary, with the discoverability concerning the ease of finding the risks that potentially occur

2

Student paper

Generally, the five initials in the model give the origin of the name DREAD model. The model was initially meant for displaying dangers, but the evaluations were found to be unpredictable and presented with a liability to the discussion. The model was among those utilized by Microsoft 2008, (Collyer, 2018). During the evaluation of dangers using the DREAD model, the entire classifications are rated from one to the total number of assessments of a particular issue that is applied when organizing other matters.

Original source

Generally, the five initials in the model give the origin of the name DREAD model The model was initially meant for displaying dangers, but the evaluations were found to be unpredictable and presented with a liability to the discussion The model was among those utilized by Microsoft 2008 During the evaluation of dangers using the DREAD model, the entire classifications are rated from one to the total number of appraisals of a particular issue that is applied when organizing other matters

2

Student paper

According to most security specialists, the inclusion of the "discoverability" to represent the last D is found to be rewarding, by lack of definition with a few associations moving to DREAD-D scale. STRIDE Threat Modeling The STRIDE model of dangers was created by Praerit Garg and Loren Kohnfelder for application in recognition of threats to PC Microsoft.

Original source

According to most security specialists, the inclusion of the "discoverability" to represent the last D is found to be rewarding, by lack of definition with a few associations moving to DREAD-D scale STRIDE Threat Modeling The STRIDE model of dangers was created by Praerit Garg and Loren Kohnfelder for application in recognition of threats to PC Microsoft

2

Student paper

The model classifies the target dangers into six classes:

Original source

The model classifies the target dangers into six classes

5

Student paper

· Spoofing · Tampering · Rejection · Information disclosure · Denial of service · Elevation of privilege

Original source

Spoofing Tampering Repudiation Information Disclosure Denial of Service Elevation of Privilege

Student paper 95%

Student paper 69%

Student paper 100%

Student paper 100%

Student paper 100%

Student paper 100%

Student paper 100%

Student paper 100%

Student paper 100%

Student paper 90%

Student paper 100%

2

Student paper

The STRIDE model was initially made as an essential feature of displaying procedure for the security threats in PC. The model is useful when helping reason and discovering the dangers within a PC in the framework. The utilization of the model is related to the physical structure that can equally be built. Therefore, the model incorporates the failure of entire procedures, stores for information, information streams, and the trust limits.

Original source

The STRIDE model was initially made as an essential feature of displaying procedure for the security threats in PC The model is useful when helping reason and discovering the dangers within a PC in the framework The utilization of the model is related to the physical structure that can equally be built Therefore, the model incorporates the breakdown of entire procedures, stores for information, information streams, and the trust limits (Scandariato, Wuyts & Joosen, 2015)

2

Student paper

All the dangers are perceived as breach for the attractive properties of the framework, (Fatima, et al, 2019) 1.

Original source

All the dangers are perceived as infringement for the attractive properties of the framework

2

Student paper

it is the property of desire that he model targets.

Original source

it is the property of desire that he model targets

2

Student paper

refers to Authenticity as a way of ensuring robust security.

Original source

refers to Authenticity as a way of ensuring robust security

2

Student paper

this denotes the integrity of the model.

Original source

this denotes the integrity of the model

2

Student paper

the framework is non-repudiable.

Original source

the framework is non-repudiable

2

Student paper

this is the confidentiality of the network to availing sensitive information to unauthorized hands.

Original source

this is the confidentiality of the network to availing sensitive information to unauthorized hands

2

Student paper

Denial of Service; this is how readily the services are available.

Original source

Denial of Service this is how readily the services are available

2

Student paper

"Elevation of Privilege"; this all about authorization. TRIKE Threat Modeling TRIKE model is a particular threat modeling technique, which is an open-source process of displaying the threats with a lot of focus on the fulfillment of the process of examining the digital risks from the board perspective.

Original source

"Elevation of Privilege" this all about authorization TRIKE Threat Modeling TRIKE model is a particular threat modeling technique, which is an open-source process of displaying the threats with a lot of focus on the fulfillment of the process of examining the digital risks from the board perspective

2

Student paper

The model can give a danger basing their approach on the extremely used methodology and a demonstration process for the hazards, (Jain & Ajmera, 2018). The TRIKE threat modeling is a necessity model guaranteeing chosen levels of the risks for well-intentioned benefits to various partners. Subsequently, the model makes the stream charts for the information, with the framework engineers making the outlines to the information streams to impart the manner of moving of the framework as well as stores and information controls. The model contained four components;

Original source

The model can furnish a danger basing their approach on the extraordinarily used methodology and a demonstration process for the hazards The TRIKE threat modeling is a necessity model guaranteeing allotted levels of the risks for worthy benefits to various partners Subsequently, the model makes the stream charts for the information, with the framework engineers making the outlines to the information streams to impart the manner of moving of the framework as well as stores and information controls The model contained four components

2

Student paper

· Information stores · Forms · Information streams · Interactors

Original source

· Information stores · Forms · Information streams · Interactors

Student paper 96%

Student paper 83%

Student paper 94%

Student paper 100%

Student paper 100%

com 100%

ProQuest document 100%

Student paper 100%

Student paper 76%

Student paper 100%

Student paper 100%

Student paper 100%

2

Student paper

Although the entire methods seem to have great approaches, all of them are not ideal. First of all, the DREAD model has low ratings with simple questions that are put on it credibly, and it seems to drop from Microsoft.

Original source

Although the entire methods seem to have great approaches, all of them are not ideal Exemplary, the DREAD model has low ratings with simple questions that are put on it credibly, and it seems to drop from Microsoft

2

Student paper

TRIKE needs the designer to be careful while holding the complete system for conducting an analysis of the search surfaces, which is challenging when it comes to large orders, this model can only be effective in small and mobile healthcare sectors.

Original source

TRIKE needs the designer to be careful while holding the complete system for conducting an analysis of the search surfaces, which is challenging when it comes to large orders

2

Student paper

The big health care systems require a quality scale of 100 or 1000 threat model, which is a viable option, but when choosing one model, then STRIDE threat model is the best. The STRIDE model can be summarized to have a sole objective of development, meant to overcome the weaknesses associated with the other threat models. The model is well documented, owns a technology giant Microsoft Corporation, and is time tested.

Original source

The big health care systems require a quality scale of 100 or 1000 threat model, which is a viable option, but when choosing one model, then TRIDE threat model is the best The STRIDE model can be summarized to have a sole objective of development, meant to overcome the weaknesses associated with the other threat models (Scandariato, Wuyts & Joosen, 2015) The model is well documented, owns a technology giant Microsoft Corporation, and is time tested

6

Student paper

STRIDE Threat Model

Original source

STRIDE threat model

7

Student paper

Ahsan, K., & Rahman, S.

Original source

Ahsan, K., & Rahman, S

8

Student paper

Green public procurement implementation challenges in Australian public healthcare sector.

Original source

Green public procurement implementation challenges in Australian public healthcare sector

9

Student paper

Journal of Cleaner Production, 152, 181-197.

Original source

Journal of Cleaner Production, 152, 181-197

10

Student paper

Jain, V., & Ajmera, P.

Original source

Jain, V., & Ajmera, P

11

Student paper

Modelling the factors affecting Indian medical tourism sector using interpretive structural modeling.

Original source

Modelling the factors affecting Indian medical tourism sector

10

Student paper

An International Journal.

Original source

An International Journal,

3

Student paper

G., Bonomi, S., Sfakianakis, S., Santucci, G., Lenti, S., Sorella, M.,...

Original source

G., Bonomi, S., Sfakianakis, S., Santucci, G., Lenti, S., Sorella, M.,

3

Student paper

Cyber-attacks and threats for healthcare–a multi-layer thread analysis. In 2020 42nd Annual International Conference of the IEEE Engineering in Medicine & Biology Society (EMBC) (pp.

Original source

Cyber-attacks and threats for healthcare–a multi-layer thread analysis In 2020 42nd Annual International Conference of the IEEE Engineering in Medicine & Biology Society (EMBC) (pp