KEEP ALL SECTION AND SUB-SECTION HEADERS AND NUMBERING AS IS
Mobile Application Threat Model Report
[name]
[date]
1.0 INTRODUCTION
Place yourself in the given scenario and respond as the cyber threat analyst at a company that wants to implement an initial, specific mobile application. Provide an introduction to your company, then give senior management mobile application security advice specific to this application. The advice might also apply to future mobile applications, but only advice relating to your specific first mobile application should be covered. What assumptions are you making? What is included and what is not included?
2.0 PURPOSE
Describe the purpose of your work as it relates to senior management's decision to follow your recommendations and proceed with this mobile application technology. What issue(s) are being addressed? What aspects of security are key for the mobile application? Are there any specific laws, regulations, industry norms, etc. that must be followed? Reference and explain them.
3.0 MOBILE APPLICATION ARCHITECTURE
Integrate the Step 1 description of the mobile application architecture in the scenario. Identify, describe and explain areas such as:
· The purpose and intent of the specific first mobile application.
· Who and/or what systems are users of this application.
· An architecture diagram for your application should be
provided and explained.
· A network diagram(s), including the related system(s) and end devices, should be included and explained. Be sure to describe the key aspects of the network, systems and devices as they relate to this specific mobile application scenario only. Refer to and explain the key elements, key OSs and key technologies in your diagram(s).
· My preference would be for you to focus mostly on the mobile architecture and less on the networking. However, note that the traffic record analyses in the lab will give you guidance on the application architecture's network protocols, so you will be “forced” to consider the type of networking to be used.
· Provide one or two Use Case Scenarios and trace these scenarios in the architecture/network diagram(s) or any additional diagrams. Use Cases are a collection of separate statements of how, in this case, the mobile application would work in different situations (e.g., banking use cases, not necessarily mobile application oriented, might be depositing a check to your savings account, transferring money from your savings account to your checking account, applying for a loan, etc.). Tracing involves showing the exact steps involved from beginning to end in the specific use case. If you cover one (two) use case(s), you would have one (two) unique and separate tracings (i.e., one (two) different diagrams).
· Identify the specific areas for security concern.
4.0 SECURITY REQUIREMENTS
Integrate the Step 2 requirements for this mobile application. Starting with a high-level statement of the security required for this mobile application, work your way to more detailed security requirements and identify the specific application architecture, network and system components to which these requirements apply. Note that requirements statements are needs, such as non-repudiation, integrity, etc., for a specific aspect of the application, network, data, etc.; the statement does not include the specific implementation that achieves them. Also note that you are writing about what is needed, not about what your application, network, etc. already has.
4.0 THREATS AND THREAT AGENTS
Integrate the Step 3 description of threats and threat agents and your relevant Step 5 lab results which specifically pertain to this mobile application’s data. Indicate whether the threats and threat agents depend on specific OSs, platforms or mobile technology related to the application.
5.0 METHODS OF ATTACK
Integrate the Step 4 methods of attack and your relevant Step 5 lab results which specifically pertain to this mobile application’s data. A clear and professional presentation of this material might provide threat agent use cases (e.g., a step-by-step description of how the threat agents conduct their attack) and diagrams to refer to while describing the steps.
6.0 SECURITY CONTROLS
Integrate your Step 6 research into this section. Note that there are usually multiple ways of mitigating or controlling security issues and achieving the security requirements, and you will need to guide senior leadership on which controls to select and in which order the selected controls should be implemented (first, second, etc.). Summarize, explain and discuss:
· Specific controls which could achieve your security
requirements and/or prevent the attacks you covered for this
mobile application
· Cover your controls according to platform (e.g., Apple/iOS,
Android, Windows Mobile, BlackBerry)
· What are the controls to achieve the security requirements
and/or prevent each attack?
· What are the controls to detect each attack?
· What are the controls to mitigate/minimize the impact of each
attack?
· What are the privacy controls which protect users’ private
information (e.g., a security prompt before users access an
address book or allow geolocation) for your application?
The use of tables could greatly clarify and help with understanding. Your table should map each control to each specific attack you covered, provide a projected level of effectiveness if implemented, and indicate aspects such as cost, complexity, skills required, time required, staff required, etc. for specifying, implementing, operating and maintaining the control. You may find such data in your research and/or create your own reasonable assessments. This data will be useful to senior management in making their decisions based on a desire to achieve a specific level of risk management.
7.0 RECOMMENDATIONS
Summarize only your main points that senior leadership needs
to know to do their job and present your specific
recommendations. If there are multiple recommendations or
several steps, recommend the sequence or roadmap that should
be taken. Provide some reasoning for this sequence based on the
data in your table.
8.0 SUMMARY OF REFERENCES
Provide your summary list of references using proper APA
format. (Use in-line citations with proper APA format
throughout the report.)
APPENDIX-LAB REPORT
Provide screenshots of the tools and specific results from your Step 5 lab experience, and answer any lab questions. Your specific insights, comparisons and results which are important for confirming your vulnerability discussions, the requirements and the controls should be explicitly identified and used in the report above. Your lab report should demonstrate significant coverage of the lab cases.