Boost your Grades with us today!

Threat Process Model – nursing writers

CYBR 650 Current Trends in Cybersecurity
Spring 2016
 

Save your time – order a paper!
Get your paper written from scratch within the tight deadline. Our service is a reliable solution to all your troubles. Place an order on any task and we will take care of it. You won’t have to worry about the quality and deadlines

Order Paper Now

Ron Woerner

WELCOME
Class information
Term: March 14, 2016 – June 4, 2016
Class meets Tuesdays, 6:15pm – 9:00pm
Class week: Mondays – Sundays
Assignments due Sunday night
Enhanced class – both in class and online
2
CYBR 650
Spring 2016

CYBR 650
Spring 2016
3

Videos
My objective is to not be like this: https://www.youtube.com/watch?v=uhiCFdWeQfA
Or this: Why you should turn off your cell phone in class
 
Don’t Judge Too Quickly
 
4
CYBR 650
Spring 2016

Class Broadcast
Using Adobe Connect
Use a web browser – http://bellevuena6.adobeconnect.com/cybr650-spr16/
Audio over the Internet
In class can join as well
Online participants:
I’ll been to turn on your mic as needed
Use the chat window / Raise hand
CYBR 650
Spring 2016
5

In Case of Emergency
Tornado
Fire
Power Outage
Active shooter
Winter weather
Zombiepocalypse
CYBR 650
Spring 2016
6

Security News
Daily Open Source Infrastructure Report
SANS Internet Storm Center
Threatpost
CSO Online Blogs
Fill in the blank with what’s happening.
7

Questions
 
 
Have a security clearance?
Is this your first class?
Have taken a class with me?
Have a security or IT certification?
Have been jailed for security violations?
How many…

Identity Paradox
 
 
How do you know?
How do I prove it to you?
Without compromising my privacy?
Who am I?

Introductions
 
Ron Woerner
25+ years experience in IT
CISSP for 14 years
Security Professional for 15+ years
Given ~50 presentations on security
B.S. Comp Sci & M.S. Information Systems
Call me coach
10
Who I am
CYBR 650
Spring 2016

Introductions – Your turn
 
Name
Student status
Work status
Experience with security / hacking
What are you looking for from this class?
[You also need to do this on the forum.]
 
11
Who are you?
CYBR 650
Spring 2016

Course Schedule* See the Course Syllabus
12
CYBR 650
Spring 2016
*Subject to change

Class Attendance
Students are expected to attend class and to complete all assignments. If you have specific attendance and/or participation requirements related to your educational funding or student visa status, you are expected to monitor your own attendance/participation to ensure you are in compliance with those requirements.
 
I track attendance, but don’t base your grades on it.
Please be professional.
CYBR 650
Spring 2016
13

Course Materials
Required: Threat Modeling, Designing for Security, Adam Shostack, © 2014, Wiley Publishing, ISBN: 978-1-118-80999-0, Book Website: http ://threatmodelingbook.com /
Recommended: Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Edition, Ross Anderson, © 2008, Wiley Publishing, Inc., ISBN: 978-0-470-06852-6, Book Website: http ://www.cl.cam.ac.uk/~ rja14/book.html .
Supplemental Reading – See the assignment’s page
14
CYBR 650
Spring 2016

Threat Modeling (book)
Process for threat modeling
Based on software development life cycle
 
CYBR 650
Spring 2016
15

Course Materials
See the Reading List
 
16
CYBR 650
Spring 2016

Do it now
Log into Blackboard
Enter the course
Read the syllabus (under Course Information)
Take the syllabus / class rules quiz (if you haven’t already done so)
You need to do this to see the week 1 assignments.
CYBR 650
Spring 2016
17

CYA*
You’re here to learn (not just get a grade / credit for the class) [I’m an optimist.]
You’ll come to class prepared.
You still have time while I’m talking…
You’ll submit assignments in a Word compatible format.
18
* Check You Assumptions
CYBR 650
Spring 2016

Class Expectations – 1
Come to class (or let me know if you can’t)
Read and understand the material by Thursday
Participate in class and online discussions
The more the better
Actively learn, share, ask questions, and debate
ASK QUESTIONS!
19
CYBR 650
Spring 2016

Class Expectations – 2
Be proud of your work – put your name on it
Stay current with your work – turn it in on time
Get out of jail free card
Find, use, and cite your sources (APA or MLA)
At least 3 for each research paper
Over communicate
Proufread you’re work
Think outside the box – be creative
 
20
CYBR 650
Spring 2016

Class Assignments
See CyberActive / BlackBoard page for the week
Weekly written assignment
Weekly discussion
Online and in class
Occasional group work
Will mostly be in class
You need to make it up if you won’t be in class
Weekly quiz
21
CYBR 650
Spring 2016

Paper writing & formatting
Ensure good English writing
Tips for Creating an Information Security Assessment Report Cheat Sheet – L Zeltser
Lack of good writing kills credibility
Citations & References required
Can be APA or MLA
Papers must be professional
Single links for references don’t count
See Citing Your Sources
22
CYBR 650
Spring 2016

Academic Honesty
Your work must be your own
Copying from others (include other sections)
Plagiarism (see plagiarism 101 on plagiarism.org)
Cite and reference information from sources
I like to know where it’s from so I can learn
Learn how to properly paraphrase
DON’T use a synonymizer for words.
23
CYBR 650
Spring 2016

Other stuff you should know
Using Wikipedia
Problem solving
Google hacking
24
CYBR 650
Spring 2016

Discussions
Need at least 3 posts for minimum (B-) credit
More is better
At least 4 if you’re not in class
Initial post
Must be by Thursday’s class.
Should have 2-3 paragraphs
References don’t need to be APA/MLA
See previous slide on plagiarism
Replies by Sunday evening (approx. 6pm)
Please, don’t just say, “Nice post”
Answer questions asked on your thread
25
CYBR 650
Spring 2016

What this class is (really) about
Threat modeling
Security Engineering
Current security events
 
 
26
CYBR 650
Spring 2016

27
Threat
Modeling
CYBR 650
Spring 2016

Why should I care?
Would you know a threat if it bit you in the ___?
 
Makes a difference in how they’re handled, prioritized, mitigated, and managed.

Definitions
Risk – The probable frequency and probable magnitude of future loss. [Jack Jones]
– An uncertain event or condition that, if it occurs, has an impact on a project’s or business’ objectives. [Ron ]
Threat – Any circumstance, event, person or thing with the potential to inflict loss.
Vulnerability – A weakness that makes a threat possible.
Exploit – An action taken by a threat source that harms an asset usually by taking advantage of a vulnerability or weakness.

Definitions
Control –  The act of restricting, limiting or managing something.
– The means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of an administrative, technical, management, or legal nature.
Threat Vector – A path or tool used by an adversary to compromise a target.
Threat Analysis – Identification of the threats that exist against enterprise assets.

Definitions
Risk Assessment – The act of identifying potential threats to and vulnerabilities in an information system or business process.
Risk Management – The process of determining an acceptable level of risk, assessing the current level of risk, taking steps to reduce risk to the acceptable level, and maintaining that level of risk.
Risk Appetite / Tolerance – The amount of risk an entity is willing to accept.

Which of the following are risks?
Disgruntled insiders
Internet-facing web servers
Untested recovery processes
Network shares containing sensitive information
Weak passwords
Hurricane force winds
Threat
Assets
Deficient control
Assets
Deficient control
Threat

Threat determination
In this article, how many of these are actually threats?
http://www.networkworld.com/article/3042610/security/the-dirty-dozen-12-cloud-security-threats.html
CYBR 650
Spring 2016
34

Threat Modeling
Using models to find (and decide about) real or potential security problems (p. 3).
Using a standard process to analyze any circumstance, event, person or thing with the potential to inflict loss.
Anticipate / Catch problems before they occur.
 
CYBR 650
Spring 2016
35

CYBR 650
Spring 2016
36

https://courses.cs.washington.edu/courses/cse484/14au/slides/thread-modeling.pdf
36

37
Process
Modeling
CYBR 650
Spring 2016

What is Process Modeling?
aka Business Process Modeling (BPM)
A diagram representing a sequence of activities. It typically shows events, actions and links or connection points, in the sequence from end to end. [Business Balls]
Identifying and Documenting Business Activities (also known as tasks) and Processes by Employing a Formal BPM Language. A Process MUST have a business objective. Business activities identify the steps to achieving a business goal. [Business Modeling]
 
CYBR 650
Spring 2016
38

BusinessBalls: Business Process Modeling Business Modeling – IT & Business Allignment, http://www.modelingconcepts.com/pdf/BPM_V2.pdf.
 
38

Threat Process Modeling
Creating a workflow to identify, analyze, and make decisions on threats to data, information, systems, networks, etc.
Basically, a recipe to follow.
CYBR 650
Spring 2016
39

CYBR 650
Spring 2016
40

http://www.modelingconcepts.com/pdf/BPM_V2.pdf.
40

Threat Process Modeling
Identifying credible sources of threat and vulnerability information.
Gathering, analyzing, and storing threat and vulnerability information.
Documenting system information, both logical and physical.
Gathering policies, standards, and procedures (both internal and external) that are applicable to the system.
Evaluating threats and vulnerabilities to determine whether they apply to the information system.
Make recommendations for controls to the system.
Evaluate impact of controls to the system.
Start again at Step 1!
CYBR 650
Spring 2016
41

From the Weeks 1 & 2 Assignment’s page
41

Break
42
CYBR 515
Fall 2015

Week 1 Assignment Threat Model Process
Develop your threat modeling process
Use the one provided as a template
Add steps as needed
Check the flow. Does it make sense?
Create a workflow diagram (Visio or equivalent)
Step-by-step instructions
Audience is someone who has never threat modeled
Generic to be used by any type of business
Initial version due in week 1. Updated version due in week 4.
Submit to both the discussion forum and the assignment link.
43
CYBR 650
Spring 2016

Week 1 Assignments
Assignment 1 – Discussion
See the Week 1 Assignments page
Pick one of the topics. Try not to repeat.
Answer questions / comments on your thread.
Initial post due by end of week 1 (March 20). Replies due by 6pm end of week 2 (March 27).
15 points for original post, 15 points for participation.
 
 
 
44
CYBR 650
Spring 2016

Week 1 Assignments
Security Blog
See the instruction sheet
Create your own blog and write articles for it each week.
Should be 600-800 words.
Make it interesting and applicable. {What do you like in a blog?}
 
 
45
CYBR 650
Spring 2016

Building your Toolkit
13 must-have security tools
Vuln Hub: https ://www.vulnhub.com /
Resources
Brainpan, http://blog.techorganic.com /
Challenge sites: http://www.wechall.net /
 
What’s in Your [Security] Wallet?
My Security Bookshelf
 
SecTools.org
Oldergeeks.com
 
CYBR 650
Spring 2016
46

Questions???

Get to Work!
Discussion posts
Blog
Threat process modeling
Security research
Wash my car <just kidding>
48
CYBR 650
Spring 2016

49
DON’t leave!
CYBR 650
Spring 2016

Next Week
Threat process modeling continued
Deeper dive into threats
Threat intelligence
Sources
Data analytics
50
CYBR 650
Spring 2016

See http://www.darkreading.com/threat-intelligence/threat-intelligences-big-data-problem/d/d-id/1324702?

 
“Looking for a Similar Assignment? Get Expert Help at an Amazing Discount!”

0
0

SK

SK2022-12-04 20:33:592022-12-04 20:33:59Threat Process Model

© Copyright 2021 nursing writers

Looking for a Similar Assignment? Our Experts can help. Use the coupon code SAVE30 to get your first order at 30% off!