Threat Modeling

A new medium-sized health care facility just opened and you are hired as the CIO. The CEO is somewhat technical and has tasked you with creating a threat model. The CEO needs to decide from 3 selected models but needs your recommendation. Review this week’s readings, conduct your own research, then choose a model to recommend with proper justifications. Items to include (at a minimum) are:

  • User authentication and credentials with third-party applications
  • 3 common security risks with ratings: low, medium or high
  • Justification of your threat model (why it was chosen over the other two: compare and contrast)

You will research several threat models as they apply to the health care industry, summarize three models, and choose one as a recommendation to the CEO in a summary with a model using UML diagrams (do not copy and paste images from the Internet). In your research paper, be sure to discuss the security risks and assign each a label of low, medium or high risk; the CEO will make the determination to accept the risks or mitigate them.

Your paper should meet the following requirements:

  • Be approximately four to six pages in length, not including the required cover page and reference page.
  • Follow APA 7 guidelines. Your paper should include an introduction, a body with fully developed content, and a conclusion.
  • Support your answers with the readings from the course and at least two scholarly journal articles to support your positions, claims, and observations, in addition to your textbook. 
  • Be clearly and well-written, concise, and logical, using excellent grammar and style techniques. 

Amazon Echo

Instructions

1. Please read these two articles:

· Using forensics against a Fitbit device to solve a murder: https://www.cbsnews.com/news/the-fitbit-alibi-21st-century-technology-used-to-help-solve-wisconsin-moms-murder/

· How Amazon Echo could be forensically analyzed! https://www.theverge.com/2017/1/6/14189384/amazon-echo-murder-evidence-surveillance-data

2. Then go around your residence / dwelling (home, apartment, condo, etc.) and be creative.

3. Identify at least five appliances or devices that you THINK could be forensically analyzed, and then identify how this might be useful in an investigation. Note: do not count your computer or mobile device. Those are obvious!

4. I expect at least a one-paragraph answer for each device.

Why did I assign this? 

The goal is to have you start THINKING about how any device that is capable of holding electronic data (and transmitting to the Internet) could be useful in a particular investigation!

750 words: Select an organization that has a Global platform and describe the following.

Portfolio Project: Select an organization that has a Global platform (they operate in more than one country), that has demonstrated operational excellence.  

Perform the following activities:

1. Name the organization and briefly describe what good or service they sell and where they operate.

2. Note how they are a differentiator in the market.

3. Note the resources used to ensure success in their industry (remember resources are comprised of more than just people).

4. Explain what actions the company took to achieve operational excellence.

Assignment

 

Describe the plain view doctrine and explain why it has such a significant impact on digital forensics. What are three approaches to determining whether the doctrine applies to a specific case?

Use your own words and do not copy the work of another student.

Data Acquisition

Research some tools that would be valuable in collecting both live memory images and images of various forms of media. Put together a shopping list for your manager that includes the tools that need to be purchased. Include a price if applicable.

Write your answer using a WORD document.

Practical Report

(CWK2) – Practical Report: It contains 2 tasks: 1) Implementation (coding), 2) Presentation/demo

Module Learning Outcomes are assessed in the research report, practical report and demo:

LEARNING OUTCOME / ASSESSMENT STRATEGY

  • Learning outcome: Critically analyse architectural styles of software systems and evaluate the role of software architecture in the design and evolution of software.
    Assessment strategy: Submission of research report. To include in-depth background analysis.

  • Learning outcome: Apply the principles of software architecture construction, particularly using component and service oriented programming.
    Assessment strategy: Submission of research report. To include detailed analysis of component oriented architecture against other architectural styles.

  • Learning outcome: Evaluate the benefits of software architectures and their corresponding programming paradigms in terms of software quality factors such as reusability, maintenance, extendibility.
    Assessment strategy: Submission of the research report. To cover the benefits of component software architectures in terms of software quality factors.

  • Learning outcome: Critically discuss legal, social and ethical issues associated with software construction.
    Assessment strategy: Submission of the research report. To cover the ethical, social and professional issues.

  • Learning outcome: Apply technical proficiency in component and service oriented analysis and design.
    Assessment strategy: The analysis and design part of the practical report.

  • Learning outcome: Evaluate the strengths and weaknesses of service oriented and component technologies.
    Assessment strategy: Service and component technologies evaluation part of the practical report.

  • Learning outcome: Build a complex business application that satisfies an architectural design using a service oriented component technology.
    Assessment strategy: The implementation part of the practical report and the demonstration/presentation (practical exam).

CWK2: One zipped file named surnames_CWK2_Practical_Report which contains the code and the presentation/demo associated with CWK2, and a README file containing the name of the student and their specific contributions, and any specific instructions for installation/configuration that might be needed.

Submission details: The second part of the coursework should be submitted as a single zipped file to canvas, and it should contain the code and the presentation.

Module Learning Outcomes assessed in this piece of coursework

· Build a complex business application that satisfies an architectural design using a service oriented component technology.

· Evaluate the strengths and weaknesses of service oriented and component technologies. 

1. Assignment Brief: Analysing and Building a Banking System Software Using Component and Service Oriented Cloud Architecture (Part 2).

Aim

The aim of the second part of the coursework is to demonstrate the knowledge and awareness of service oriented and other latest software development technologies in a given scenario. This should involve the following:

1. Apply technical proficiency in component, service and modular programming.

2. Implement the demo system using a service oriented architecture and frameworks of your choice.

3. Produce a presentation/demonstration to discuss the used technologies and show a working prototype.

The Problem

In order to remain competitive and be able to expand its business, ABC Banking Group must update its services to reflect the recent advances in information and communication technology. This will require the design and implementation of an adaptable technology migration strategy. Currently, ABC Banking Group's system is LAN based and can be reached over the web using legacy software. Thus, the Group needs a migration strategy from a LAN based system to a Cloud based system. However, such a migration requires consideration not only of the underlying Cloud service oriented architecture and its benefits, but should also reflect the main business activities of the Group.

At the core of the Group’s business activities is its transaction processing system. The system is used to define accounts and transactions. Accounts refer to things like customers’ bank accounts, while transactions are things like deposits and withdrawals which are essentially time-stamped records. Each account keeps track of the transactions that affect it. It also has a set of attributes such as customer’s name, address, balance, overdraft, running totals (of deposits and withdrawals) computed from the transactions etc.

Once an account is set up, it is used by creating transactions and by querying the attributes of the account. Transactions can come from other systems, like direct debits, or from different branches and they can be created by program control or can be created by a user filling out an input screen. Customers can access their account and conduct transactions using their desktops, mobile phones etc.

Your task is to design a new service based architecture for the system. It is up to you how you go about the task. However, you have to take into account the distributed nature of the problem and the possibility of accessing account details, on the server, using different clients and different graphical user interfaces. These interfaces are programmed so that they communicate with the server.

You define how an account handles transactions that are posted to it. One way of handling transactions is by putting them in a list in order of their date. Queries can be from a simple interface, from reports such as bank statements, or from programs that are creating transactions. All interactions with the system are achieved by creating transactions and querying attributes.

The system should be able to perform a number of operations including creating an account for every customer, holding the customer’s name and address, allocating a numeric code (account number) for every customer, balance, cost for overdrafts, returning the statements etc. The system should also be able to add and delete customers and work out the total number of customers.

Coursework Documentation/Report

You are asked to address the aims and business requirements by producing a practical report which covers:

Implementation (80%)

You are asked to implement and construct your application using a programming language and programming environment that supports component/service oriented paradigm.

Presentation/demo (20%)

This should include a brief discussion of the deployed technologies and a working prototype of your program, which should demonstrate good knowledge of fundamental service/component oriented and modular concepts.

2. Feedback (including details of how and where feedback will be provided)

You will receive the feedback electronically using the feedback form (check the summary table for deadlines)

Marking scheme

Implementation: Coding Fundamentals ( /30)

Each criterion is graded VG, G, F, P or VP **:

  • Use of OO Concepts
  • Use of classes
  • Use of method invocation
  • Use of storage
  • Use of interaction and selection
  • Variables/Header box/Comments/

Implementation: Services/Components Integration ( /50)

Each criterion is graded VG, G, F, P or VP **:

  • Functionality
  • Completeness
  • Use of service orientation
  • Use of Components
  • Use of Interfaces

Presentation/demo ( /20)

Each criterion is graded VG, G, F, P or VP **:

  • Quality
  • Presentation
  • Technology
  • Traceability: from design to code

Overall mark  ( /100)

** VG: Very Good, G: Good, F: Fair, P: Poor, VP: Very Poor

Project: Risk Management Plan

 

Purpose

This project provides an opportunity to apply the competencies gained in the lessons of this course to develop a risk management plan for a fictitious organization to replace its outdated plan.

Learning Objectives and Outcomes

You will gain an overall understanding of risk management, its importance, and critical processes required when developing a formal risk management plan for an organization.

Required Source Information and Tools

The following tools and resources will be needed to complete this project:

  • Course textbook
  • Internet access for research

Deliverables

As discussed in this course, risk management is an important process for all organizations. This is particularly true in information systems, which provide critical support for organizational missions. The heart of risk management is a formal risk management plan. The project activities described in this document allow you to fulfill the role of an employee participating in the risk management process in a specific business situation.

The project is structured as follows:

Project Part: Project Part 1

Deliverables:

  • Task 1: Risk Management Plan
  • Task 2: Risk Assessment Plan
  • Task 3: Risk Mitigation Plan

Submission Requirements

All project submissions should follow this format:

  • Format: Microsoft Word or compatible
  • Font: Arial, 10-point, double-space
  • Citation Style: Your school’s preferred style guide
  • Minimum 2 pages per task

Scenario

You are an information technology (IT) intern working for Health Network, Inc. (Health Network), a fictitious health services organization headquartered in Minneapolis, Minnesota. Health Network has over 600 employees throughout the organization and generates $500 million USD in annual revenue. The company has two additional locations in Portland, Oregon and Arlington, Virginia, which support a mix of corporate operations. Each corporate facility is located near a co-location data center, where production systems are located and managed by third-party data center hosting vendors. 

Company Products 

Health Network has three main products: HNetExchange, HNetPay, and HNetConnect.

HNetExchange is the primary source of revenue for the company. The service handles secure electronic medical messages that originate from its customers, such as large hospitals, which are then routed to receiving customers such as clinics.

HNetPay is a Web portal used by many of the company’s HNetExchange customers to support the management of secure payments and billing. The HNetPay Web portal, hosted at Health Network production sites, accepts various forms of payments and interacts with credit-card processing organizations much like a Web commerce shopping cart.

HNetConnect is an online directory that lists doctors, clinics, and other medical facilities to allow Health Network customers to find the right type of care at the right locations. It contains doctors’ personal information, work addresses, medical certifications, and types of services that the doctors and clinics offer. Doctors are given credentials and are able to update the information in their profile. Health Network customers, which are the hospitals and clinics, connect to all three of the company’s products using HTTPS connections. Doctors and potential patients are able to make payments and update their profiles using Internet-accessible HTTPS Web sites.

Information Technology Infrastructure Overview

Health Network operates in three production data centers that provide high availability across the company’s products. The data centers host about 1,000 production servers, and Health Network maintains 650 corporate laptops and company-issued mobile devices for its employees.

Threats Identified

Upon review of the current risk management plan, the following threats were identified:

· Loss of company data due to hardware being removed from production systems

· Loss of company information on lost or stolen company-owned assets, such as mobile devices and laptops

· Loss of customers due to production outages caused by various events, such as natural disasters, change management, unstable software, and so on

· Internet threats due to company products being accessible on the Internet

· Insider threats

· Changes in regulatory landscape that may impact operations 

Management Request

Senior management at Health Network has determined that the existing risk management plan for the organization is out of date and a new risk management plan must be developed. Because of the importance of risk management to the organization, senior management is committed to and supportive of the project to develop a new plan. You have been assigned to develop this new plan.

Additional threats other than those described previously may be discovered when re-evaluating the current threat landscape during the risk assessment phase.

The budget for this project has not been defined due to senior management’s desire to react to any and all material risks that are identified within the new plan. Given the company’s annual revenue, reasonable expectations can be determined.

Project Part 1 Task 2: Risk Assessment Plan

After creating an initial draft of the risk management plan, the second part of the assigned project requires you to create a draft of the risk assessment (RA) plan. To do so, you must:

  1. Develop an introduction to the plan explaining its purpose and importance.
  2. Create an outline for the RA plan.
  3. Define the scope and boundaries for the RA plan.
  4. Research and summarize RA approaches.
  5. Identify the key roles and responsibilities of individuals and departments within the organization as they pertain to risk assessment.
  6. Develop a proposed schedule for the RA process.
  7. Create a professional report detailing the information above as an initial draft of the RA plan.

Evaluation Criteria and Rubrics

  • Did the student demonstrate an understanding of the competencies covered in the course relating to risk assessments?
  • Did the student include all important components of a RA plan in the outline?
  • Did the student demonstrate good research, reasoning, and decision-making skills in identifying key components and methodologies?
  • Did the student create a professional, well-developed draft with proper grammar, spelling, and punctuation?

Data

You have been asked by management (manufacturing, healthcare, retail, financial, etc.) to create a demo using a data analytic or BI tool. It is your responsibility to download and produce outputs using one of the tools. You will need to focus your results on the data set you select.

Be sure to address at least one topic covered in Chapters 1-5 with the outputs. The paper should include the following as Header sections:

  • Introduction
  • History of Tool [Discuss the benefits and limitations]
  • Review of the Data [What are you reviewing?]
  • Exploring the Data with the tool
  • Classifications Basic Concepts and Decision Trees
  • Classifications Alternative Techniques
  • Summary of Results
  • References

Be sure to use Author, YYYY APA citations with any outside content.

Types of Data Analytic Tools

https://www.octoparse.com/blog/top-30-big-data-tools-for-data-analysis/

  • Excel with Solver, but has limitations
  • R Studio
  • Tableau Public has a free trial
  • Microsoft Power BI
  • Search for others with trial options

Examples of Dataset

https://www.forbes.com/sites/bernardmarr/2016/02/12/big-data-35-brilliant-and-free-data-sources-for-2016/#4b3e96f1b54d