
security models: STRIDE and DREAD

 

Assessment Overview:

The purpose of this assessment is to assess the students’ ability to apply their theoretical knowledge on risk assessment and management using standard models such as STRIDE and DREAD.

Weighting           50%

Length and/or format    3000

IEEE REPORT FORMAT

 

Context

The context of this assignment is that you have been employed as a security specialist and you are required to assess security threats and identify effective security measures to mitigate risks. To perform your job, you need to investigate an IT system, analyse impacts of security threats, identify five common security threats, analyse security requirements, rate the risks for each threat, calculate the severity of security threats on the whole system and recommend appropriate security solutions.

 

Instructions

In this assignment, you have to choose an Information System (IS) or IT system and write a report on security analysis and planning for it. You can choose a system from the following list or your own. However, you must choose an IS or IT system. The report will be based on two security models: STRIDE and DREAD. First, you need to identify 5 common security threats to your selected system. Then, you should list the security requirements to deal with those threats using the STRIDE model. In the second part of your report, you have to analyse the risk of each threat on your system using the DREAD model. You also need to measure the overall risk of the system and propose appropriate security measures to overcome the threats.

List of IT Systems:

1. Enterprise Resource Planning

2. Data Warehousing

3. Office Automation

4. Global Information Systems

5. Library Management Systems

6. Online Ticket Reservation Systems

7. Hotel Management System

8. Hospital Management System

9. Restaurant Management System

10. Supply Chain Management System

Abstract: An abstract (a short summary of the report) needs to convey a complete synopsis of the paper, but within a tight word limit. Writing an abstract includes a brief introduction to the general topic of the work and then an explanation of the exact research strategies, including the aims. It should then highlight the outcomes.

 

Introduction: In the Introduction, you are attempting to inform the reader about the rationale behind the work. The introduction does not have a strict word limit, unlike the abstract, but it should be as concise as possible. It can be a tricky part of the paper to write, so many scientists and researchers prefer to write it last, ensuring that they miss no major points. The introduction gives an overall view of the report but does address a few slightly different issues from the abstract. An introduction should emphasize background, importance, limitations, and assumptions. You should provide a short overview of the chosen system in this section. If possible, a diagram of the system should be provided.

 

Analyse Impacts of Security Threats: You need to analyse impacts of security threats across societies and national borders for your chosen system. The statements need to be supported by most recent and relevant examples. 

 

Identify Five Common Security Threats: In this section, you will identify five common security threats that might have significant impacts on your system. You have to choose specific security attacks on different security services, such as attacks on integrity, data confidentiality, availability, authentication, non-repudiation and so on.

 

Analyse Security Requirements using STRIDE model: Here you need to analyse the security requirements using the STRIDE model and also map the requirements to security attacks (known as STRIDE threat classification). An explanation should be provided of whether the chosen system can defend against the security threats classified by the STRIDE model.

 

Risk Rating Using DREAD Model: In this section, you have to calculate risk values for each threat. Using the DREAD model, you have to quantify the risk factor for each category and then calculate the overall risk value to evaluate the severity of risks on your information or IT system. You also need to describe some mitigation techniques to overcome the risks.

 

Recommendations: On the basis of threat analysis and risk assessment outcomes, you need to recommend a number of security measures to defend the system against common security attacks. A diagram integrating all security measures would be highly appreciated.

 

Conclusion: This is really just a more elaborate version of the abstract. In a few lines you should summarize your findings. Your abstract will do most of this for you but, as long as you do not get carried away, especially for longer reports, it can help the reader absorb your findings a little more.
