weekly report 2 2

/in /by

The problem description defines the issue you are trying to address with your project.

  1. gives the overall description of the client’s business context
  2. identifies the assets that need to be protected
  3. analyzes the cybersecurity threats that the client needs to address (threats’ likelihood and impact are addressed).
  4. includes a detailed description of the current security posture of the client

It should clear and sufficiently precise:

Week 2 Homework (due 03/5/2020):

  • I uploaded a Sample Problem Description II file on Blackboard.
  • Please use it as an example of what I am expecting.
  • Other remarks:
    • The document should contain a threat analysis. A threat analysis is NOT a vulnerability analysis.
      • A vulnerability is an actual weakness or flaw in an information system that can be exploited. Example: “OpenJPEG through 2.3.1 has a heap-based buffer overflow”.
      • A threat is a potential negative event that can lead to damage or loss of an asset. Example: “Patient records are accessed by an unauthorized individual”.
    • As a reminder, a threat actor is a person, organization, or an entity that will exploit an existing vulnerability. Common threat actors include: hacktivists, cybercriminals, disgruntled insiders, nation states, careless employees, nature.
    • The list of identified threats should be exhaustive.
      • Don’t worry: You will NOT have to provide countermeasures to each of the identified threats.
    • Workloads: Each team member could be responsible for analyzing the threats against a specific asset.
    • Each threat should be rated (impact and likelihood).
      • Usually, cybersecurity professionals provide a qualitative assessment (Low/Medium/High) based on their personal experience.
      • Most advanced techniques use quantitative methods.
    • To help you identify your threats, I uploaded on Blackboard a few whitepapers about current threats. But keep in mind that the threats for your project depend on your business context and assets.
    • Use your knowledge from previous cybersecurity classes when you brainstorm.