Discuss the potential for service interruptions for those systems or applications connected to the Internet. Which systems are vulnerable?
A section, titled STRIDE, that identifies the security threats in each of the six categories discussed in the article from the Web reference you were asked to read, as they apply to this scenario. Include the following: 60 points
a. Spoofing – address any spoofing threats that might be present in the applications or systems. Include the ramifications (impact) of a spoofing attack.
b. Tampering – address any data or databases that might be subject to data tampering (applications, for instance, that might be vulnerable to cross site scripting attacks or SQL injection in the healthcare organization scenario, above).
c. Repudiation – address where repudiation attacks might be possible in the organization.
d. Information disclosure – address where there may be the likelihood of a data breach in the organization’s assets listed in the scenario that would allow the attacker to access private information (or, worse, patient health information). Discuss the laws and regulations that would be impacted and the ramifications (impact and penalties) that would be incurred by this organization in that event.
e. Denial of Service – discuss the potential for service interruptions for those systems or applications connected to the Internet. Which systems are vulnerable? What would be the impact to the organization for each connected system, if it were to be unavailable?
f. Elevation of Privilege – discuss the systems and applications that might be subject to an attacker elevating their privilege level (think of a patient database – what would happen if the attacker were able to gain Administrator access to the database?).
4. A section, titled Risk Mitigation Plan, that summarizes your findings for the boss and discusses the security controls that you recommend for each of the potential attacks that you have identified. This can be summarized using the table I’ve provided for you below for each of your threats. Remember to assign the implementation of the recommended security control to a role within the organization (you can use a generic role, such as System Administrator, Database Admin, Security Officer, etc. – your textbook and other supplemental readings listed different organizational roles responsible for managing risk) 20 points.
Risk Mitigation Plan: