https://www.huffpost.com/entry/online-dating-vs-offline_b_4037867
For your initial post, provide a sentence to share which article you are referring to so that you can best communicate with your peers. Include a link to your selection.
· Explain how the argument contains or avoids bias.
i. Provide specific examples to support your explanation.
ii. What assumptions does it make?
· Discuss the credibility of the overall argument.
i. Were the resources the argument was built upon credible?
ii. Does the credibility support or undermine the article’s claims in any important ways?
In response to your peers, provide an additional resource to support or refute the argument your peer makes. Do you agree with their claims of credibility? Are there any other possible bias not identified?
Response #1
Allysa Tantala posted Sep 22, 2019 10:17 PM
Subscribe
The article that I am looking at is Online Dating Vs. Offline Dating: Pros and Cons.It was written by Julie Spira, an online dating expert, bestselling author, and CEO of Cyber-Dating Expert. The name of the article is spot on in describing what it is about. The author goes through the pros and cons of dating online and offline in today’s day and age. The author avoids bias because she looks at both options in both their positive and negative attributes. She comes at the issues from both angles and I believe she does a very good job at remaining unbiased. She states that “if you're serious about meeting someone special, you must include a combination of both online and offline dating in your routine” (Spira, 2013, par. 18). She’s stating that both options have their pros and cons and that really a combination of both is needed to find someone. The only bias I could see anyone pointing out would be that she is a woman, so you do not get the male perspective on these things. That being said, I one hundred percent think she covers all of the questions people may have about online and offline dating in today’s world. The only assumption being made here is that the reader wants to be out in the dating world and they need to know what is best. But, the title of the article is pretty self-explanatory so if someone did not want to know these things, they would not have to waste their time reading it all because they could tell what it would be about by the title.
The resource that she used was herself, and like I stated above, she is an online dating expert, bestselling author, and CEO of Cyber-Dating Expert; so she is more than qualified to give her perspective on these issues. I find her to be credible and thought provoking. Her credibility supports everything the article says and makes the reader feel like they are being told the truth by someone who completely understands all of the pros and cons.
Resource:
Spira, J. (2013, December 3). Online Dating Vs. Offline Dating: Pros and Cons. Retrieved from https://www.huffpost.com/entry/online-dating-vs-offline_b_4037867
Response #2
Jennifer Caforio posted Se ...
PHL 111 Milestone Two WorksheetUse the following guiding q.docxkarlhennesey
PHL 111 Milestone Two Worksheet
Use the following guiding questions to help you develop the remainder of the Argument section and the Counterargument section of your critical essay. First, answer each of the questions below to draft your ideas. Then, complete the Outline for Writing section, using your answers to the questions to help you draft a paragraph response for each of the sections below.
II. This set of questions is designed to help you draft ideas for the remaining parts of the Presented Argument section for your critical essay.
A. Looking at the article that you have chosen, explain how the argument contains or avoids bias.
i. Does the argument contain or avoid bias? Yes. How? This article contains bias because the author introduces the topic with a preconceived notion that online dating is better than offline dating.
ii. Provide specific examples to support your explanation.
The author points out than online dating is more convenient as compared to offline dating thus it is the better method of dating.
B. Discuss the credibility of the overall argument and answer the following:
i. Were the resources upon which the argument is built credible? No.
· Why or why not?
The resources that the argument was built upon are not credible because they do not provide the cons of offline dating to justify their claim that online dating is better than offline dating.
·
ii. Does the credibility support or undermine the article’s claims in any important ways?
· How? The credibility of the article undermines the article in significant ways because it does not include the cons of online dating to reveal how they are outweighed by the pros to prove indeed that online dating is the better form of dating as compared to offline dating.
Outline for Writing
The argument that I have selected contains bias. It does this by explicitly stating that offline dating offers significant benefits as compared to online dating . I have assessed the credibility of the argument to be credible/not credible because the resources in the article were credible/not credible in that they provide a perspective from the authors experiences with both online and offline dating . The credibility of this article supports the argument’s claims by revealing the most significant benefit that offline dating offers which is emotional connection which is arises when the individuals physically meet each other .
III. Before answering the questions below and drafting the Counterargument section of your critical essay, read the articles listed under “Additional Resources” and “Scholarly Resources” columns for your article found on the Final Project Topics and Resources Page in Blackboard. Then, use these additional resources to craft your own counterargument to the argument initially presented in your chosen article.
A. Construct an alternative argument to that of your selected article.
i. After reading the Additional and Scholarly resources ...
The discussion in this module will be focused on the idea of truth. .docxbob8allen25075
The discussion in this module will be focused on the idea of truth. Determining the truth is paramount to determining the soundness of an argument. To falsify a premise is to disprove an entire argument but as a class, a thinking community, we have to agree on how we verify or falsify a truth. We will extract our criteria for determining truth in part from this discussion. To begin with we might consider how to evaluate:
1) Sources
2) Observations
3) Quantitative data (percentages, statistics, graphs, surveys, etc)
4) Other types of information
First, for context and some ideas, read this article in
Lifehacker on finding the truth (Links to an external site.)Links to an external site.
. Keep in mind this is not an authoritative text on determining the truth to stimulate your thinking and you should not feel obliged to agree with any of it.
Instructions: You will a submit a minimum of 3 posts to this discussion:
1) The first will be your opinion as to how we should determine the truth for at least items 1,2 & 3 above and you can add anything you think is missing. It should be very clear from your post how we will determine truth and you should have a sound justification for your position, in fact you should phrase your suggestions like an argument with premises and conclusions. This must be done by the first due date and the last 2 must be complete before the discussion closes.
2) Comment of 2 of your peers posts offering some improvement or support for their arguments. Simply stating that you agree or disagree is not enough to count as a comment.
3) After surveying the discussion write a summary of what you think are the best ideas presented.
Oh:
I think how we determine the truth is by looking at where the information is coming from. For instance, magazines on actors, actresses, and singers often use rumors and unspecific sources to put in their articles to create a story. The story they create may or may not be the truth but that would be up to the reader. More than often, we as the readers of these magazines find the information to only be partially true because their next issue would have an article slightly contradicting the last thing they wrote about on the person. When we find these little mistakes here and there, we come to the conclusion that maybe this magazine should be read with the thought in mind that what you read will not be the full truth.
When getting research information from an academic journal for your paper, it is more reliable compared to getting information from Wikipedia. Many of us who have done research papers were told never to use Wikipedia. The reason being is that, Wikipedia is an information filled website but is also known to hold information that could be added and changed by just anyone. On the other hand, an academic journal is often written by someone with credentials and have taken the time to research the topic they published.
Information based on observations and quantitative d.
PHL 111 Milestone Two WorksheetUse the following guiding q.docxkarlhennesey
PHL 111 Milestone Two Worksheet
Use the following guiding questions to help you develop the remainder of the Argument section and the Counterargument section of your critical essay. First, answer each of the questions below to draft your ideas. Then, complete the Outline for Writing section, using your answers to the questions to help you draft a paragraph response for each of the sections below.
II. This set of questions is designed to help you draft ideas for the remaining parts of the Presented Argument section for your critical essay.
A. Looking at the article that you have chosen, explain how the argument contains or avoids bias.
i. Does the argument contain or avoid bias? Yes. How? This article contains bias because the author introduces the topic with a preconceived notion that online dating is better than offline dating.
ii. Provide specific examples to support your explanation.
The author points out than online dating is more convenient as compared to offline dating thus it is the better method of dating.
B. Discuss the credibility of the overall argument and answer the following:
i. Were the resources upon which the argument is built credible? No.
· Why or why not?
The resources that the argument was built upon are not credible because they do not provide the cons of offline dating to justify their claim that online dating is better than offline dating.
·
ii. Does the credibility support or undermine the article’s claims in any important ways?
· How? The credibility of the article undermines the article in significant ways because it does not include the cons of online dating to reveal how they are outweighed by the pros to prove indeed that online dating is the better form of dating as compared to offline dating.
Outline for Writing
The argument that I have selected contains bias. It does this by explicitly stating that offline dating offers significant benefits as compared to online dating . I have assessed the credibility of the argument to be credible/not credible because the resources in the article were credible/not credible in that they provide a perspective from the authors experiences with both online and offline dating . The credibility of this article supports the argument’s claims by revealing the most significant benefit that offline dating offers which is emotional connection which is arises when the individuals physically meet each other .
III. Before answering the questions below and drafting the Counterargument section of your critical essay, read the articles listed under “Additional Resources” and “Scholarly Resources” columns for your article found on the Final Project Topics and Resources Page in Blackboard. Then, use these additional resources to craft your own counterargument to the argument initially presented in your chosen article.
A. Construct an alternative argument to that of your selected article.
i. After reading the Additional and Scholarly resources ...
The discussion in this module will be focused on the idea of truth. .docxbob8allen25075
The discussion in this module will be focused on the idea of truth. Determining the truth is paramount to determining the soundness of an argument. To falsify a premise is to disprove an entire argument but as a class, a thinking community, we have to agree on how we verify or falsify a truth. We will extract our criteria for determining truth in part from this discussion. To begin with we might consider how to evaluate:
1) Sources
2) Observations
3) Quantitative data (percentages, statistics, graphs, surveys, etc)
4) Other types of information
First, for context and some ideas, read this article in
Lifehacker on finding the truth (Links to an external site.)Links to an external site.
. Keep in mind this is not an authoritative text on determining the truth to stimulate your thinking and you should not feel obliged to agree with any of it.
Instructions: You will a submit a minimum of 3 posts to this discussion:
1) The first will be your opinion as to how we should determine the truth for at least items 1,2 & 3 above and you can add anything you think is missing. It should be very clear from your post how we will determine truth and you should have a sound justification for your position, in fact you should phrase your suggestions like an argument with premises and conclusions. This must be done by the first due date and the last 2 must be complete before the discussion closes.
2) Comment of 2 of your peers posts offering some improvement or support for their arguments. Simply stating that you agree or disagree is not enough to count as a comment.
3) After surveying the discussion write a summary of what you think are the best ideas presented.
Oh:
I think how we determine the truth is by looking at where the information is coming from. For instance, magazines on actors, actresses, and singers often use rumors and unspecific sources to put in their articles to create a story. The story they create may or may not be the truth but that would be up to the reader. More than often, we as the readers of these magazines find the information to only be partially true because their next issue would have an article slightly contradicting the last thing they wrote about on the person. When we find these little mistakes here and there, we come to the conclusion that maybe this magazine should be read with the thought in mind that what you read will not be the full truth.
When getting research information from an academic journal for your paper, it is more reliable compared to getting information from Wikipedia. Many of us who have done research papers were told never to use Wikipedia. The reason being is that, Wikipedia is an information filled website but is also known to hold information that could be added and changed by just anyone. On the other hand, an academic journal is often written by someone with credentials and have taken the time to research the topic they published.
Information based on observations and quantitative d.
📖 FREE eBook - 476 Pages
🔰 Complete Guide to Cyber Security Operation Center🔰
I’ve recently completed a book on SOC, a project close to my heart, that delves into the exciting realm of Security Automation, Orchestration, and Hyper-automation platforms in the SOC. If you’ve ever found yourself overwhelmed by the multitude of cybersecurity solutions, this post is designed to be your personal guide on developing a fully functional SOC.
This eBook comes with plenty of examples and illustrations to help you understand complex concepts, data collection requirements to incident response, automations, playbooks, integrations requirements under the scope of IT, IS and Cybersecurity.
A big shout out to Brad Voris for his review of the book, his insights made this book even richer.
Knowledge Areas Covered
✅ Enterprise architecture strategy to better formulate your SOC.
✅ Visibility & data ingress requirements for your SOC
✅ SOC functions, KPI’s, processes, frameworks, and automation requirements
✅ Derive your Analyst-JD aligned to international frameworks
✅ SOC organogram with Red, Blue, Purple team’s maturity, tactics, functions, activities
✅ SIEM & SOAR architecture design guidelines to achieve more from these integrations.
✅ Detection engineering with OSINT, CTEM.
✅ Incident response with CSIRT, DFIR.
✅ Tabletop exercises explained and operationalized
✅ Artificial Intelligence & Data Science in SOC
✅ How to develop your Open-source based SOC, full hardware BoQ, Network Design is provided
✅ Bonus Chapters: IT Project Management, VA/PT Plan, ITIL Strategy Frameworks, Jurisdiction Assignment Matrix etc.
📢 Download the eBook
👉 Download this eBook (pdf): https://lnkd.in/gTRnhmPp
👉 DM me for the DOCX version of the book.
👉 Join Discord: Please DM me on LinkedIn, I will Send you the link to join.
👉 1000+ Job aids – download extra documentation.
👉 60 Body of Knowledge (BoK) links.
👉 1500+ curated list of VA/PT tools as job aids.
👉 200+ References to support your SOC operations even further.
📢 Download all the available documents from here: https://lnkd.in/eNNUm9XW
📢 Download Job Aids: https://lnkd.in/gCKq6R-D
If you find it useful and informative, please share/repost the book with your network.
Written Assignment 1(25 points) 3-4 pages, not including cover or .docxodiliagilby
Written Assignment 1(25 points) 3-4 pages, not including cover or References pages
Locate an article describing a collective bargaining situation that has arisen within this year (2019). This article should be from a newspaper, an academic journal, or a credible online news source. Attach the article or give the link. Use a minimum of two additional references from the course materials to support your discussion and to respond to the questions in the assignment.
a. Using APA guidelines, state the proper citation for the article.
Then, summarize the situation, including:
b. What type of collective bargaining is this? (https://businessjargons.com/types-of-collective-bargaining.html)
c. What are the underlying causes of the dispute?
e. If there is any evidence of any illegal or unethical conduct on either side, describe it in detail.
f. Was the dispute resolved? If so, how?
g. In retrospect, could this dispute have been resolved in a more constructive fashion? If so, how?
REFERENCES TO USE:
https://open.lib.umn.edu/humanresourcemanagement/chapter/12-2-collective-bargaining/
http://www.law.cornell.edu/wex/labor
https://www.nlrb.gov/resources/nlrb-process/unfair-labor-practice-process-chart
bgloss.indd 312 11/26/2015 7:40:39 PM
Managing and Using
Information Systems
A STRATEGIC APPROACH
Sixth Edition
Keri E. Pearlson
KP Partners
Carol S. Saunders
W.A. Franke College of Business
Northern Arizona University
Dr. Theo and Friedl Schoeller Research Center for Business and Society
Dennis F. Galletta
Katz Graduate School of Business
University of Pittsburgh, Pittsburgh, PA
ffirs.indd 1 12/1/2015 12:34:39 PM
VICE PRESIDENT & DIRECTOR George Hoffman
EXECUTIVE EDITOR Lise Johnson
DEVELOPMENT EDITOR Jennifer Manias
ASSOCIATE DEVELOPMENT EDITOR Kyla Buckingham
SENIOR PRODUCT DESIGNER Allison Morris
MARKET SOLUTIONS ASSISTANT Amanda Dallas
SENIOR DIRECTOR Don Fowley
PROJECT MANAGER Gladys Soto
PROJECT SPECIALIST Nichole Urban
PROJECT ASSISTANT Anna Melhorn
EXECUTIVE MARKETING MANAGER Christopher DeJohn
ASSISTANT MARKETING MANAGER Puja Katariwala
ASSOCIATE DIRECTOR Kevin Holm
SENIOR CONTENT SPECIALIST Nicole Repasky
PRODUCTION EDITOR Loganathan Kandan
This book was set in 10/12 Times Roman by SPi Global and printed and bound by Courier Kendallville.
This book is printed on acid free paper.
Founded in 1807, John Wiley & Sons, Inc. has been a valued source of knowledge and understanding for more than 200 years, helping people
around the world meet their needs and fulfill their aspirations. Our company is built on a foundation of principles that include responsibility to
the communities we serve and where we live and work. In 2008, we launched a Corporate Citizenship Initiative, a global effort to address the
environmental, social, economic, and ethical challenges we face in our business. Among the issues we are addressing are carbon impact, paper
specifications an ...
You’re Not A Dog: How Lawyers Can Put Their Best Foot Forward OnlineRocket Matter, LLC
As famous New Yorker cartoon goes, “On the Internet, nobody knows you’re a dog.” But as a lawyer, “being a dog” may cost you your two most valuable assets, your reputation and your license.
Further, as the web continues to “go social”, web users will become better at identifying dogs. Let’s talk about how you can put your best foot forward online in an ethical, as well as, effective manner.
This slide deck is courtesy Gyi Tsakalakis, of AttorneySync.com. Gyi has been helping lawyers understand how to put the web to work for their practices since 2008. A former practicing attorney, Gyi is a law firm web strategist and owner at AttorneySync.
The Open Arms Project was created as a vehicle for current and former foster care children to share their experiences. Check out our slideshow presentation explaining our purpose.
httpswww.azed.govoelaselpsUse this to see the English Lang.docxpooleavelina
https://www.azed.gov/oelas/elps/
Use this to see the English Language Proficiency Standards of Arizona-Pick a grade level
https://cms.azed.gov/home/GetDocumentFile?id=54de1d88aadebe14a87070f0
http://www.corestandards.org/ELA-Literacy/introduction/how-to-read-the-standards/
how to read standards
Week 04
Acquisition and Customer Lifetime Value (CLV)
https://www.smh.com.au/politics/federal/nbn-customers-face-higher-prices-or-poorer-internet-connection-audit-warns-20190813-p52go7.html
Customer Relationship Management?
CRM is the process of carefully managing detailed information about individual
customers and all customer touch points to maximize customer loyalty.
Now closely associated with data warehousing and mining
Relationship
Relationship
Identifying good customers: RFM Model
Recency
Frequency
Monetary Value
Time/purchase occasions since the last purchase
Number of purchase occasions since first purchase
Amount spent since the first purchase
R
F
M
Total RFM Score: R Score + F score + M Score
CASE: Database for BookBinders Book Club
Predict response to a mailing for the book, Art History of Florence, based on the
following variables accumulated in the database and the responses to a test mailing:
Gender
Amount purchased
Months since first purchase
Months since last purchase
Frequency of purchase
Past purchases of art books
Past purchases of children’s books
Past purchases of cook books
Past purchases of DIY books
Past purchases of youth books
Recency
Frequency
Monetary
Example: RFM Model Scoring Criteria
R
Months from last
purchase
13-max 10-12 7-9 3-6 0-2
Score 5pts 10 15 20 25
F
Frequency > 30 21-30 16-20 11-15 0-10
Score 25pts 20 15 10 5
M
Amount
purchased
> 400 301-400 201-300 101- 200 100
Score 50 45 30 15 10
Implement using Nested If statements in Excel
Decile Classification
• Standard Assessment Method
• Apply the results of approach and
calculate the “score” of each individual
• Order the customers based on “score”
from the highest to the lowest
• Divide into deciles
• Calculate profits per deciles
Customer 1 Score 1.00
Customer 2 Score 0.99
….
Customer 230 Score 0.92
Customer 2300 Score 0.00
Decile1
Decile10
…
..
…
..
Output for Bookbinders club
Decile Score RFM No. of Mailings Cost of mailing RFM Units sold RFM Profit
10 17.6% 5000 $3,250 783 $4,733
20 34.8% 10000 $6,500 1,543 $9,243
30 46.1% 15000 $9,750 2,043 $11,093
40 53.4% 20000 $13,000 2,370 $11,170
50 65.2% 25000 $16,250 2,891 $13,241
60 77.9% 30000 $19,500 3,457 $15,757
70 83.3% 35000 $22,750 3,696 $14,946
80 91.7% 40000 $26,000 4,065 $15,465
90 97.5% 45000 $29,250 4,326 $14,876
100 100.0% 50000 $32,500 4,435 $12,735
Note: Market Potential = 4435 units and margin = $10.20
Leaky bucket
New customer
acquisition
Purchase increase by
current customers
Purchase decrease by
current customers
Lost customers
Lost customers
Credit Card Rewards Program ...
httpfmx.sagepub.comField Methods DOI 10.117715258.docxpooleavelina
http://fmx.sagepub.com
Field Methods
DOI: 10.1177/1525822X04269550
2005; 17; 30 Field Methods
Don A. Dillman and Leah Melani Christian
Survey Mode as a Source of Instability in Responses across Surveys
http://fmx.sagepub.com/cgi/content/abstract/17/1/30
The online version of this article can be found at:
Published by:
http://www.sagepublications.com
can be found at:Field Methods Additional services and information for
http://fmx.sagepub.com/cgi/alerts Email Alerts:
http://fmx.sagepub.com/subscriptions Subscriptions:
http://www.sagepub.com/journalsReprints.navReprints:
http://www.sagepub.com/journalsPermissions.navPermissions:
http://fmx.sagepub.com/cgi/content/refs/17/1/30 Citations
at SAGE Publications on September 9, 2009 http://fmx.sagepub.comDownloaded from
http://fmx.sagepub.com/cgi/alerts
http://fmx.sagepub.com/subscriptions
http://www.sagepub.com/journalsReprints.nav
http://www.sagepub.com/journalsPermissions.nav
http://fmx.sagepub.com/cgi/content/refs/17/1/30
http://fmx.sagepub.com
10.1177/1525822X04269550FIELD METHODSDillman, Christian / SURVEY MODE AS SOURCE OF INSTABILITY
Survey Mode as a Source of Instability
in Responses across Surveys
DON A. DILLMAN
LEAH MELANI CHRISTIAN
Washington State University
Changes in survey mode for conducting panel surveys may contribute significantly to
survey error. This article explores the causes and consequences of such changes in
survey mode. The authors describe how and why the choice of survey mode often
causes changes to be made to the wording of questions, as well as the reasons that
identically worded questions often produce different answers when administered
through different modes. The authors provide evidence that answers may change as a
result of different visual layouts for otherwise identical questions and suggest ways
to keep measurement the same despite changes in survey mode.
Keywords: survey mode; questionnaire; panel survey; measurement; survey error
Most panel studies require measurement of the same variables at different
times. Often, participants are asked questions, several days, weeks, months,
or years apart to measure change in some characteristics of interest to the
investigation. These characteristics might include political attitudes, satis-
faction with a health care provider, frequency of a behavior, ownership of
financial resources, or level of educational attainment. Whatever the charac-
teristic of interest, it is important that the question used to ascertain it perform
the same across multiple data collections.
In addition, declining survey response rates, particularly for telephone
surveys, have encouraged researchers to use multiple modes of data collec-
tion during the administration of a single cross-sectional survey. Encouraged
by the availability of more survey modes than in the past and evidence that a
change in modes produces higher response rates (Dillman 2002), surveyors
This is a revision of a paper presented at t ...
https://iexaminer.org/fake-news-personal-responsibility-must-trump-intellectual-laziness/
Fake news: Personal responsibility must trump intellectual laziness
By Matt Chan January 4, 2017
Where do you get your news? That question has become incredibly important given the results of our Presidential Election. How many times have you heard, “I read a news story on Facebook and …” The problem: Facebook is not a news service; it’s a “social media” site whose purpose is to connect like-minded friends and family, to provide you with social connections, and online entertainment.
For Asian Americans social media provides an important and useful way of connecting socially and in some cases politically, but there is a downside. The downside is how social media actually works. These sites employ elaborate algorithms to track and analyze your posts, likes, and dislikes to provide you with a custom experience unique to you. The truth is you are being marketed to, not informed. What looks like news, is not really news, it’s personal validation. All in an attempt to keep you on the site longer, to click a few more things, to make you feel good about what you’re reading. It makes it seem like most people agree with you because you’re only fed information and stories that validate your worldview.
On the other hand, real news is hard work. Its fact-based information presented by people who have checked, researched, and documented what they are presenting as the truth. Real news can be verified.
“Fake News” is, well, fake, often times entirely made-up or containing a hint of truth. Social media was largely responsible for pushing “fake news” stories that were entirely made up to drive clicks on websites. These clicks in turn generated money for the people promoting the stories. The more outrageous the story, the more clicks, the more revenue. When you factor in the algorithms that feed you what you like, you can clearly see the more “fake news” you consume on social media, the more is pushed your way. There’s an abundance of pseudo news sites that merely re-post and curate existing stories, adding their bias to validate their audience’s beliefs, no matter how crazy or mainstream. It is curated solely for you. Now factor in that nearly 44% of Americans obtain some or most of their news from social media and you have a very toxic mix.
The mainstream news media has also fallen into this validation trap. You have one news network that solely reflects the right wing, others that take the view of the left-center leaning, and what is lost are the facts and context, the balance we need to evaluate, learn, and understand the world. People seeking fact-based journalism lose, because the more extreme the media becomes to entice consumers with provocative headlines and click-bait to earn more money, the less their news is fact-based and becomes more opinion driven.
There was a time when fact-based reporting was required of broadcast news. It was called “The Fairness Doctrin ...
http1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docxpooleavelina
http://1500cms.com/
BECAUSE THIS FORM IS USED BY VARIOUS GOVERNMENT AND PRIVATE HEALTH PROGRAMS, SEE SEPARATE INSTRUCTIONS ISSUED BY
APPLICABLE PROGRAMS.
NOTICE: Any person who knowingly files a statement of claim containing any misrepresentation or any false, incomplete or misleading information may
be guilty of a criminal act punishable under law and may be subject to civil penalties.
REFERS TO GOVERNMENT PROGRAMS ONLY
MEDICARE AND CHAMPUS PAYMENTS: A patient’s signature requests that payment be made and authorizes release of any information necessary to process
the claim and certifies that the information provided in Blocks 1 through 12 is true, accurate and complete. In the case of a Medicare claim, the patient’s signature
authorizes any entity to release to Medicare medical and nonmedical information, including employment status, and whether the person has employer group health
insurance, liability, no-fault, worker’s compensation or other insurance which is responsible to pay for the services for which the Medicare claim is made. See 42
CFR 411.24(a). If item 9 is completed, the patient’s signature authorizes release of the information to the health plan or agency shown. In Medicare assigned or
CHAMPUS participation cases, the physician agrees to accept the charge determination of the Medicare carrier or CHAMPUS fiscal intermediary as the full charge,
and the patient is responsible only for the deductible, coinsurance and noncovered services. Coinsurance and the deductible are based upon the charge
determination of the Medicare carrier or CHAMPUS fiscal intermediary if this is less than the charge submitted. CHAMPUS is not a health insurance program but
makes payment for health benefits provided through certain affiliations with the Uniformed Services. Information on the patient’s sponsor should be provided in those
items captioned in “Insured”; i.e., items 1a, 4, 6, 7, 9, and 11.
BLACK LUNG AND FECA CLAIMS
The provider agrees to accept the amount paid by the Government as payment in full. See Black Lung and FECA instructions regarding required procedure and
diagnosis coding systems.
SIGNATURE OF PHYSICIAN OR SUPPLIER (MEDICARE, CHAMPUS, FECA AND BLACK LUNG)
I certify that the services shown on this form were medically indicated and necessary for the health of the patient and were personally furnished by me or were furnished
incident to my professional service by my employee under my immediate personal supervision, except as otherwise expressly permitted by Medicare or CHAMPUS
regulations.
For services to be considered as “incident” to a physician’s professional service, 1) they must be rendered under the physician’s immediate personal supervision
by his/her employee, 2) they must be an integral, although incidental part of a covered physician’s service, 3) they must be of kinds commonly furnished in physician’s
offices, and 4) the services of nonphysicians must be included on the physician’s bills.
For CHA ...
https://www.medicalnewstoday.com/articles/323444.php
https://ascopubs.org/doi/full/10.1200/JCO.2008.16.0333
https://journals.lww.com/co-hematology/Abstract/2007/03000/Influence_of_new_molecular_prognostic_markers_in.5.aspx
Influence of new molecular prognostic markers in patients with karyotypically normal acute myeloid leukemia: recent advances
Mrózek, Krzysztofa; Döhner, Hartmutb; Bloomfield, Clara Da
Current Opinion in Hematology: March 2007 - Volume 14 - Issue 2 - p 106–114
doi: 10.1097/MOH.0b013e32801684c7
Myeloid disease
Purpose of review Molecular study of cytogenetically normal acute myeloid leukemia is among the most active areas of leukemia research. Despite having the same normal karyotype, adults with de-novo cytogenetically normal acute myeloid leukemia who constitute the largest cytogenetic group of acute myeloid leukemia, are very diverse with respect to acquired gene mutations and gene expression changes. These genetic alterations affect clinical outcome and may assist in selection of proper treatment. Herein we critically summarize recent clinically relevant molecular genetic studies of cytogenetically normal acute myeloid leukemia.
Recent findings NPM1 gene mutations causing aberrant cytoplasmic localization of nucleophosmin have been demonstrated to be the most frequent submicroscopic alterations in cytogenetically normal acute myeloid leukemia and to confer improved prognosis, especially in patients without a concomitant FLT3 gene internal tandem duplication. Overexpressed BAALC, ERG and MN1 genes and expression of breast cancer resistance protein have been shown to confer poor prognosis. A gene-expression signature previously suggested to separate cytogenetically normal acute myeloid leukemia patients into prognostic subgroups has been validated on a different microarray platform, although gene-expression signature-based classifiers predicting outcome for individual patients with greater accuracy are still needed.
Summary The discovery of new prognostic markers has increased our understanding of leukemogenesis and may lead to improved prognostication and generation of novel risk-adapted therapies.
http://www.bloodjournal.org/content/127/1/53?sso-checked=true
An update of current treatments for adult acute myeloid leukemia
Hervé Dombret and Claude Gardin
Abstract
Recent advances in acute myeloid leukemia (AML) biology and its genetic landscape should ultimately lead to more subset-specific AML therapies, ideally tailored to each patient's disease. Although a growing number of distinct AML subsets have been increasingly characterized, patient management has remained disappointingly uniform. If one excludes acute promyelocytic leukemia, current AML management still relies largely on intensive chemotherapy and allogeneic hematopoietic stem cell transplantation (HSCT), at least in younger patients who can tolerate such intensive treatments. Nevertheless, progress has been made, notably in terms of standard drug dose in ...
httpstheater.nytimes.com mem theater treview.htmlres=9902e6.docxpooleavelina
https://theater.nytimes.com/ mem/ theater/ treview.html?res=9902e6db1639f931a25753c1a962948260
THEATER: WILSON'S 'MA RAINEY'S' OPENS
By FRANK RICH
Published: October 12, 1984, Friday
LATE in Act I of ''Ma Rainey's Black Bottom,'' a somber, aging band trombonist (Joe Seneca) tilts his head heavenward to sing the blues. The setting is a dilapidated Chicago recording studio of 1927, and the song sounds as old as time. ''If I had my way,'' goes the lyric, ''I would tear this old building down.''
Once the play has ended, that lyric has almost become a prophecy. In ''Ma Rainey's Black Bottom,'' the writer August Wilson sends the entire history of black America crashing down upon our heads. This play is a searing inside account of what white racism does to its victims - and it floats on the same authentic artistry as the blues music it celebrates. Harrowing as ''Ma Rainey's'' can be, it is also funny, salty, carnal and lyrical. Like his real-life heroine, the legendary singer Gertrude (Ma) Rainey, Mr. Wilson articulates a legacy of unspeakable agony and rage in a spellbinding voice.
The play is Mr. Wilson's first to arrive in New York, and it reached here, via the Yale Repertory Theater, under the sensitive hand of the man who was born to direct it, Lloyd Richards. On Broadway, Mr. Richards has honed ''Ma Rainey's'' to its finest form. What's more, the director brings us an exciting young actor - Charles S. Dutton - along with his extraordinary dramatist. One wonders if the electricity at the Cort is the same that audiences felt when Mr. Richards, Lorraine Hansberry and Sidney Poitier stormed into Broadway with ''A Raisin in the Sun'' a quarter-century ago.
As ''Ma Rainey's'' shares its director and Chicago setting with ''Raisin,'' so it builds on Hansberry's themes: Mr. Wilson's characters want to make it in white America. And, to a degree, they have. Ma Rainey (1886-1939) was among the first black singers to get a recording contract - albeit with a white company's ''race'' division. Mr. Wilson gives us Ma (Theresa Merritt) at the height of her fame. A mountain of glitter and feathers, she has become a despotic, temperamental star, complete with a retinue of flunkies, a fancy car and a kept young lesbian lover.
The evening's framework is a Paramount-label recording session that actually happened, but whose details and supporting players have been invented by the author. As the action swings between the studio and the band's warm-up room - designed by Charles Henry McClennahan as if they might be the festering last- chance saloon of ''The Iceman Cometh'' - Ma and her four accompanying musicians overcome various mishaps to record ''Ma Rainey's Black Bottom'' and other songs. During the delays, the band members smoke reefers, joke around and reminisce about past gigs on a well-traveled road stretching through whorehouses and church socials from New Orleans to Fat Back, Ark.
The musicians' speeches are like improvised band solos - variously fiz ...
https://fitsmallbusiness.com/employee-compensation-plan/
The puzzle of motivation | Dan Pink [Video file]. Retrieved from https://www.youtube.com/watch?v=rrkrvAUbU9Y
Refining the total rewards package through employee input at MillerCoors [Video file]. Retrieved from https://www.youtube.com/watch?v=_I7nv0B4_NU&feature=youtu.be
How to design an employee compensation plan [SlideShare slides]. Retrieved from http://www.slideshare.net/FitSmallBusiness/how-to-design-a-compensation-plan-dave?ref=http://fitsmallbusiness.com/how-to-pay-employees/
Compensation strategies [Video file]. Retrieved from https://youtu.be/U2wjvBigs7w
· Expectations for Power Point Presentations in Units IV and V
I would like to provide information about what needs to be included in presentations. Please review the rubric prior to submitting any assignment. If you don't know where to find this, please contact me.
1. You need a title slide.
2. You need an overview of the presentation slide (slide after the title slide). This is how you would organize a presentation if you were presenting it at work.
3. You need a summary slide (before the reference slide); same reason as above.
4. Please do not forget to cite on slides where you are writing about something related to what you have read. Please consider each slide a paragraph. You can cite on the slides or in the notes. If you do not cite, you will not get credit for the slide.
- Direct quotes should not be used in this presentation as they are not analysis.
5. Remember, all I can evaluate is what you submit, so please consider using notes to explain what you are writing in further detail. Bullets are great and you can use these but then provide more detail in the notes.
6. Graphics - Please include graphics/charts/graphs as this is evaluated in the rubric (quality of the presentation).
7. References - For all references, you need citations. For all citations, you need references. They must match. All must be formatted using APA requirements. Please review the Quick Reference Guide that was posted in the announcements.
Please never hesitate to email me with any questions. If you need further clarification about feedback or if you do not agree with any of the feedback, please contact me. My door is always open.
Assignment 1
Positioning Statement and Motto
Use the provided information, as well as your own research, to assess one (1) of the stated brands (Tesla, SmoothieKing, Suave, or Nintendo) by completing the questions below with an ORIGINAL response to each. At the end of the worksheet, be sure to develop a new ORIGINAL positioning statement and motto for the brand you selected. Submit the completed template in the Week 4 assignment submission link.
Name:
Professor’s Name:
Course Title:
Date:
Company/Brand Selected (Tesla, SmoothieKing, Suave or Nintendo):
1. Target Customers/Users
Who are the target customers for the company/brand? Make sure you tell why you selected each item that you did. (NOTE: DO NO ...
More Related Content
Similar to httpswww.huffpost.comentryonline-dating-vs-offline_b_4037867.docx
📖 FREE eBook - 476 Pages
🔰 Complete Guide to Cyber Security Operation Center🔰
I’ve recently completed a book on SOC, a project close to my heart, that delves into the exciting realm of Security Automation, Orchestration, and Hyper-automation platforms in the SOC. If you’ve ever found yourself overwhelmed by the multitude of cybersecurity solutions, this post is designed to be your personal guide on developing a fully functional SOC.
This eBook comes with plenty of examples and illustrations to help you understand complex concepts, data collection requirements to incident response, automations, playbooks, integrations requirements under the scope of IT, IS and Cybersecurity.
A big shout out to Brad Voris for his review of the book, his insights made this book even richer.
Knowledge Areas Covered
✅ Enterprise architecture strategy to better formulate your SOC.
✅ Visibility & data ingress requirements for your SOC
✅ SOC functions, KPI’s, processes, frameworks, and automation requirements
✅ Derive your Analyst-JD aligned to international frameworks
✅ SOC organogram with Red, Blue, Purple team’s maturity, tactics, functions, activities
✅ SIEM & SOAR architecture design guidelines to achieve more from these integrations.
✅ Detection engineering with OSINT, CTEM.
✅ Incident response with CSIRT, DFIR.
✅ Tabletop exercises explained and operationalized
✅ Artificial Intelligence & Data Science in SOC
✅ How to develop your Open-source based SOC, full hardware BoQ, Network Design is provided
✅ Bonus Chapters: IT Project Management, VA/PT Plan, ITIL Strategy Frameworks, Jurisdiction Assignment Matrix etc.
📢 Download the eBook
👉 Download this eBook (pdf): https://lnkd.in/gTRnhmPp
👉 DM me for the DOCX version of the book.
👉 Join Discord: Please DM me on LinkedIn, I will Send you the link to join.
👉 1000+ Job aids – download extra documentation.
👉 60 Body of Knowledge (BoK) links.
👉 1500+ curated list of VA/PT tools as job aids.
👉 200+ References to support your SOC operations even further.
📢 Download all the available documents from here: https://lnkd.in/eNNUm9XW
📢 Download Job Aids: https://lnkd.in/gCKq6R-D
If you find it useful and informative, please share/repost the book with your network.
Written Assignment 1(25 points) 3-4 pages, not including cover or .docxodiliagilby
Written Assignment 1(25 points) 3-4 pages, not including cover or References pages
Locate an article describing a collective bargaining situation that has arisen within this year (2019). This article should be from a newspaper, an academic journal, or a credible online news source. Attach the article or give the link. Use a minimum of two additional references from the course materials to support your discussion and to respond to the questions in the assignment.
a. Using APA guidelines, state the proper citation for the article.
Then, summarize the situation, including:
b. What type of collective bargaining is this? (https://businessjargons.com/types-of-collective-bargaining.html)
c. What are the underlying causes of the dispute?
e. If there is any evidence of any illegal or unethical conduct on either side, describe it in detail.
f. Was the dispute resolved? If so, how?
g. In retrospect, could this dispute have been resolved in a more constructive fashion? If so, how?
REFERENCES TO USE:
https://open.lib.umn.edu/humanresourcemanagement/chapter/12-2-collective-bargaining/
http://www.law.cornell.edu/wex/labor
https://www.nlrb.gov/resources/nlrb-process/unfair-labor-practice-process-chart
bgloss.indd 312 11/26/2015 7:40:39 PM
Managing and Using
Information Systems
A STRATEGIC APPROACH
Sixth Edition
Keri E. Pearlson
KP Partners
Carol S. Saunders
W.A. Franke College of Business
Northern Arizona University
Dr. Theo and Friedl Schoeller Research Center for Business and Society
Dennis F. Galletta
Katz Graduate School of Business
University of Pittsburgh, Pittsburgh, PA
ffirs.indd 1 12/1/2015 12:34:39 PM
VICE PRESIDENT & DIRECTOR George Hoffman
EXECUTIVE EDITOR Lise Johnson
DEVELOPMENT EDITOR Jennifer Manias
ASSOCIATE DEVELOPMENT EDITOR Kyla Buckingham
SENIOR PRODUCT DESIGNER Allison Morris
MARKET SOLUTIONS ASSISTANT Amanda Dallas
SENIOR DIRECTOR Don Fowley
PROJECT MANAGER Gladys Soto
PROJECT SPECIALIST Nichole Urban
PROJECT ASSISTANT Anna Melhorn
EXECUTIVE MARKETING MANAGER Christopher DeJohn
ASSISTANT MARKETING MANAGER Puja Katariwala
ASSOCIATE DIRECTOR Kevin Holm
SENIOR CONTENT SPECIALIST Nicole Repasky
PRODUCTION EDITOR Loganathan Kandan
This book was set in 10/12 Times Roman by SPi Global and printed and bound by Courier Kendallville.
This book is printed on acid free paper.
Founded in 1807, John Wiley & Sons, Inc. has been a valued source of knowledge and understanding for more than 200 years, helping people
around the world meet their needs and fulfill their aspirations. Our company is built on a foundation of principles that include responsibility to
the communities we serve and where we live and work. In 2008, we launched a Corporate Citizenship Initiative, a global effort to address the
environmental, social, economic, and ethical challenges we face in our business. Among the issues we are addressing are carbon impact, paper
specifications an ...
You’re Not A Dog: How Lawyers Can Put Their Best Foot Forward OnlineRocket Matter, LLC
As famous New Yorker cartoon goes, “On the Internet, nobody knows you’re a dog.” But as a lawyer, “being a dog” may cost you your two most valuable assets, your reputation and your license.
Further, as the web continues to “go social”, web users will become better at identifying dogs. Let’s talk about how you can put your best foot forward online in an ethical, as well as, effective manner.
This slide deck is courtesy Gyi Tsakalakis, of AttorneySync.com. Gyi has been helping lawyers understand how to put the web to work for their practices since 2008. A former practicing attorney, Gyi is a law firm web strategist and owner at AttorneySync.
The Open Arms Project was created as a vehicle for current and former foster care children to share their experiences. Check out our slideshow presentation explaining our purpose.
httpswww.azed.govoelaselpsUse this to see the English Lang.docxpooleavelina
https://www.azed.gov/oelas/elps/
Use this to see the English Language Proficiency Standards of Arizona-Pick a grade level
https://cms.azed.gov/home/GetDocumentFile?id=54de1d88aadebe14a87070f0
http://www.corestandards.org/ELA-Literacy/introduction/how-to-read-the-standards/
how to read standards
Week 04
Acquisition and Customer Lifetime Value (CLV)
https://www.smh.com.au/politics/federal/nbn-customers-face-higher-prices-or-poorer-internet-connection-audit-warns-20190813-p52go7.html
Customer Relationship Management?
CRM is the process of carefully managing detailed information about individual
customers and all customer touch points to maximize customer loyalty.
Now closely associated with data warehousing and mining
Relationship
Relationship
Identifying good customers: RFM Model
Recency
Frequency
Monetary Value
Time/purchase occasions since the last purchase
Number of purchase occasions since first purchase
Amount spent since the first purchase
R
F
M
Total RFM Score: R Score + F score + M Score
CASE: Database for BookBinders Book Club
Predict response to a mailing for the book, Art History of Florence, based on the
following variables accumulated in the database and the responses to a test mailing:
Gender
Amount purchased
Months since first purchase
Months since last purchase
Frequency of purchase
Past purchases of art books
Past purchases of children’s books
Past purchases of cook books
Past purchases of DIY books
Past purchases of youth books
Recency
Frequency
Monetary
Example: RFM Model Scoring Criteria
R
Months from last
purchase
13-max 10-12 7-9 3-6 0-2
Score 5pts 10 15 20 25
F
Frequency > 30 21-30 16-20 11-15 0-10
Score 25pts 20 15 10 5
M
Amount
purchased
> 400 301-400 201-300 101- 200 100
Score 50 45 30 15 10
Implement using Nested If statements in Excel
Decile Classification
• Standard Assessment Method
• Apply the results of approach and
calculate the “score” of each individual
• Order the customers based on “score”
from the highest to the lowest
• Divide into deciles
• Calculate profits per deciles
Customer 1 Score 1.00
Customer 2 Score 0.99
….
Customer 230 Score 0.92
Customer 2300 Score 0.00
Decile1
Decile10
…
..
…
..
Output for Bookbinders club
Decile Score RFM No. of Mailings Cost of mailing RFM Units sold RFM Profit
10 17.6% 5000 $3,250 783 $4,733
20 34.8% 10000 $6,500 1,543 $9,243
30 46.1% 15000 $9,750 2,043 $11,093
40 53.4% 20000 $13,000 2,370 $11,170
50 65.2% 25000 $16,250 2,891 $13,241
60 77.9% 30000 $19,500 3,457 $15,757
70 83.3% 35000 $22,750 3,696 $14,946
80 91.7% 40000 $26,000 4,065 $15,465
90 97.5% 45000 $29,250 4,326 $14,876
100 100.0% 50000 $32,500 4,435 $12,735
Note: Market Potential = 4435 units and margin = $10.20
Leaky bucket
New customer
acquisition
Purchase increase by
current customers
Purchase decrease by
current customers
Lost customers
Lost customers
Credit Card Rewards Program ...
httpfmx.sagepub.comField Methods DOI 10.117715258.docxpooleavelina
http://fmx.sagepub.com
Field Methods
DOI: 10.1177/1525822X04269550
2005; 17; 30 Field Methods
Don A. Dillman and Leah Melani Christian
Survey Mode as a Source of Instability in Responses across Surveys
http://fmx.sagepub.com/cgi/content/abstract/17/1/30
The online version of this article can be found at:
Published by:
http://www.sagepublications.com
can be found at:Field Methods Additional services and information for
http://fmx.sagepub.com/cgi/alerts Email Alerts:
http://fmx.sagepub.com/subscriptions Subscriptions:
http://www.sagepub.com/journalsReprints.navReprints:
http://www.sagepub.com/journalsPermissions.navPermissions:
http://fmx.sagepub.com/cgi/content/refs/17/1/30 Citations
at SAGE Publications on September 9, 2009 http://fmx.sagepub.comDownloaded from
http://fmx.sagepub.com/cgi/alerts
http://fmx.sagepub.com/subscriptions
http://www.sagepub.com/journalsReprints.nav
http://www.sagepub.com/journalsPermissions.nav
http://fmx.sagepub.com/cgi/content/refs/17/1/30
http://fmx.sagepub.com
10.1177/1525822X04269550FIELD METHODSDillman, Christian / SURVEY MODE AS SOURCE OF INSTABILITY
Survey Mode as a Source of Instability
in Responses across Surveys
DON A. DILLMAN
LEAH MELANI CHRISTIAN
Washington State University
Changes in survey mode for conducting panel surveys may contribute significantly to
survey error. This article explores the causes and consequences of such changes in
survey mode. The authors describe how and why the choice of survey mode often
causes changes to be made to the wording of questions, as well as the reasons that
identically worded questions often produce different answers when administered
through different modes. The authors provide evidence that answers may change as a
result of different visual layouts for otherwise identical questions and suggest ways
to keep measurement the same despite changes in survey mode.
Keywords: survey mode; questionnaire; panel survey; measurement; survey error
Most panel studies require measurement of the same variables at different
times. Often, participants are asked questions, several days, weeks, months,
or years apart to measure change in some characteristics of interest to the
investigation. These characteristics might include political attitudes, satis-
faction with a health care provider, frequency of a behavior, ownership of
financial resources, or level of educational attainment. Whatever the charac-
teristic of interest, it is important that the question used to ascertain it perform
the same across multiple data collections.
In addition, declining survey response rates, particularly for telephone
surveys, have encouraged researchers to use multiple modes of data collec-
tion during the administration of a single cross-sectional survey. Encouraged
by the availability of more survey modes than in the past and evidence that a
change in modes produces higher response rates (Dillman 2002), surveyors
This is a revision of a paper presented at t ...
https://iexaminer.org/fake-news-personal-responsibility-must-trump-intellectual-laziness/
Fake news: Personal responsibility must trump intellectual laziness
By Matt Chan January 4, 2017
Where do you get your news? That question has become incredibly important given the results of our Presidential Election. How many times have you heard, “I read a news story on Facebook and …” The problem: Facebook is not a news service; it’s a “social media” site whose purpose is to connect like-minded friends and family, to provide you with social connections, and online entertainment.
For Asian Americans social media provides an important and useful way of connecting socially and in some cases politically, but there is a downside. The downside is how social media actually works. These sites employ elaborate algorithms to track and analyze your posts, likes, and dislikes to provide you with a custom experience unique to you. The truth is you are being marketed to, not informed. What looks like news, is not really news, it’s personal validation. All in an attempt to keep you on the site longer, to click a few more things, to make you feel good about what you’re reading. It makes it seem like most people agree with you because you’re only fed information and stories that validate your worldview.
On the other hand, real news is hard work. Its fact-based information presented by people who have checked, researched, and documented what they are presenting as the truth. Real news can be verified.
“Fake News” is, well, fake, often times entirely made-up or containing a hint of truth. Social media was largely responsible for pushing “fake news” stories that were entirely made up to drive clicks on websites. These clicks in turn generated money for the people promoting the stories. The more outrageous the story, the more clicks, the more revenue. When you factor in the algorithms that feed you what you like, you can clearly see the more “fake news” you consume on social media, the more is pushed your way. There’s an abundance of pseudo news sites that merely re-post and curate existing stories, adding their bias to validate their audience’s beliefs, no matter how crazy or mainstream. It is curated solely for you. Now factor in that nearly 44% of Americans obtain some or most of their news from social media and you have a very toxic mix.
The mainstream news media has also fallen into this validation trap. You have one news network that solely reflects the right wing, others that take the view of the left-center leaning, and what is lost are the facts and context, the balance we need to evaluate, learn, and understand the world. People seeking fact-based journalism lose, because the more extreme the media becomes to entice consumers with provocative headlines and click-bait to earn more money, the less their news is fact-based and becomes more opinion driven.
There was a time when fact-based reporting was required of broadcast news. It was called “The Fairness Doctrin ...
http1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docxpooleavelina
http://1500cms.com/
BECAUSE THIS FORM IS USED BY VARIOUS GOVERNMENT AND PRIVATE HEALTH PROGRAMS, SEE SEPARATE INSTRUCTIONS ISSUED BY
APPLICABLE PROGRAMS.
NOTICE: Any person who knowingly files a statement of claim containing any misrepresentation or any false, incomplete or misleading information may
be guilty of a criminal act punishable under law and may be subject to civil penalties.
REFERS TO GOVERNMENT PROGRAMS ONLY
MEDICARE AND CHAMPUS PAYMENTS: A patient’s signature requests that payment be made and authorizes release of any information necessary to process
the claim and certifies that the information provided in Blocks 1 through 12 is true, accurate and complete. In the case of a Medicare claim, the patient’s signature
authorizes any entity to release to Medicare medical and nonmedical information, including employment status, and whether the person has employer group health
insurance, liability, no-fault, worker’s compensation or other insurance which is responsible to pay for the services for which the Medicare claim is made. See 42
CFR 411.24(a). If item 9 is completed, the patient’s signature authorizes release of the information to the health plan or agency shown. In Medicare assigned or
CHAMPUS participation cases, the physician agrees to accept the charge determination of the Medicare carrier or CHAMPUS fiscal intermediary as the full charge,
and the patient is responsible only for the deductible, coinsurance and noncovered services. Coinsurance and the deductible are based upon the charge
determination of the Medicare carrier or CHAMPUS fiscal intermediary if this is less than the charge submitted. CHAMPUS is not a health insurance program but
makes payment for health benefits provided through certain affiliations with the Uniformed Services. Information on the patient’s sponsor should be provided in those
items captioned in “Insured”; i.e., items 1a, 4, 6, 7, 9, and 11.
BLACK LUNG AND FECA CLAIMS
The provider agrees to accept the amount paid by the Government as payment in full. See Black Lung and FECA instructions regarding required procedure and
diagnosis coding systems.
SIGNATURE OF PHYSICIAN OR SUPPLIER (MEDICARE, CHAMPUS, FECA AND BLACK LUNG)
I certify that the services shown on this form were medically indicated and necessary for the health of the patient and were personally furnished by me or were furnished
incident to my professional service by my employee under my immediate personal supervision, except as otherwise expressly permitted by Medicare or CHAMPUS
regulations.
For services to be considered as “incident” to a physician’s professional service, 1) they must be rendered under the physician’s immediate personal supervision
by his/her employee, 2) they must be an integral, although incidental part of a covered physician’s service, 3) they must be of kinds commonly furnished in physician’s
offices, and 4) the services of nonphysicians must be included on the physician’s bills.
For CHA ...
https://www.medicalnewstoday.com/articles/323444.php
https://ascopubs.org/doi/full/10.1200/JCO.2008.16.0333
https://journals.lww.com/co-hematology/Abstract/2007/03000/Influence_of_new_molecular_prognostic_markers_in.5.aspx
Influence of new molecular prognostic markers in patients with karyotypically normal acute myeloid leukemia: recent advances
Mrózek, Krzysztofa; Döhner, Hartmutb; Bloomfield, Clara Da
Current Opinion in Hematology: March 2007 - Volume 14 - Issue 2 - p 106–114
doi: 10.1097/MOH.0b013e32801684c7
Myeloid disease
Purpose of review Molecular study of cytogenetically normal acute myeloid leukemia is among the most active areas of leukemia research. Despite having the same normal karyotype, adults with de-novo cytogenetically normal acute myeloid leukemia who constitute the largest cytogenetic group of acute myeloid leukemia, are very diverse with respect to acquired gene mutations and gene expression changes. These genetic alterations affect clinical outcome and may assist in selection of proper treatment. Herein we critically summarize recent clinically relevant molecular genetic studies of cytogenetically normal acute myeloid leukemia.
Recent findings NPM1 gene mutations causing aberrant cytoplasmic localization of nucleophosmin have been demonstrated to be the most frequent submicroscopic alterations in cytogenetically normal acute myeloid leukemia and to confer improved prognosis, especially in patients without a concomitant FLT3 gene internal tandem duplication. Overexpressed BAALC, ERG and MN1 genes and expression of breast cancer resistance protein have been shown to confer poor prognosis. A gene-expression signature previously suggested to separate cytogenetically normal acute myeloid leukemia patients into prognostic subgroups has been validated on a different microarray platform, although gene-expression signature-based classifiers predicting outcome for individual patients with greater accuracy are still needed.
Summary The discovery of new prognostic markers has increased our understanding of leukemogenesis and may lead to improved prognostication and generation of novel risk-adapted therapies.
http://www.bloodjournal.org/content/127/1/53?sso-checked=true
An update of current treatments for adult acute myeloid leukemia
Hervé Dombret and Claude Gardin
Abstract
Recent advances in acute myeloid leukemia (AML) biology and its genetic landscape should ultimately lead to more subset-specific AML therapies, ideally tailored to each patient's disease. Although a growing number of distinct AML subsets have been increasingly characterized, patient management has remained disappointingly uniform. If one excludes acute promyelocytic leukemia, current AML management still relies largely on intensive chemotherapy and allogeneic hematopoietic stem cell transplantation (HSCT), at least in younger patients who can tolerate such intensive treatments. Nevertheless, progress has been made, notably in terms of standard drug dose in ...
httpstheater.nytimes.com mem theater treview.htmlres=9902e6.docxpooleavelina
https://theater.nytimes.com/ mem/ theater/ treview.html?res=9902e6db1639f931a25753c1a962948260
THEATER: WILSON'S 'MA RAINEY'S' OPENS
By FRANK RICH
Published: October 12, 1984, Friday
LATE in Act I of ''Ma Rainey's Black Bottom,'' a somber, aging band trombonist (Joe Seneca) tilts his head heavenward to sing the blues. The setting is a dilapidated Chicago recording studio of 1927, and the song sounds as old as time. ''If I had my way,'' goes the lyric, ''I would tear this old building down.''
Once the play has ended, that lyric has almost become a prophecy. In ''Ma Rainey's Black Bottom,'' the writer August Wilson sends the entire history of black America crashing down upon our heads. This play is a searing inside account of what white racism does to its victims - and it floats on the same authentic artistry as the blues music it celebrates. Harrowing as ''Ma Rainey's'' can be, it is also funny, salty, carnal and lyrical. Like his real-life heroine, the legendary singer Gertrude (Ma) Rainey, Mr. Wilson articulates a legacy of unspeakable agony and rage in a spellbinding voice.
The play is Mr. Wilson's first to arrive in New York, and it reached here, via the Yale Repertory Theater, under the sensitive hand of the man who was born to direct it, Lloyd Richards. On Broadway, Mr. Richards has honed ''Ma Rainey's'' to its finest form. What's more, the director brings us an exciting young actor - Charles S. Dutton - along with his extraordinary dramatist. One wonders if the electricity at the Cort is the same that audiences felt when Mr. Richards, Lorraine Hansberry and Sidney Poitier stormed into Broadway with ''A Raisin in the Sun'' a quarter-century ago.
As ''Ma Rainey's'' shares its director and Chicago setting with ''Raisin,'' so it builds on Hansberry's themes: Mr. Wilson's characters want to make it in white America. And, to a degree, they have. Ma Rainey (1886-1939) was among the first black singers to get a recording contract - albeit with a white company's ''race'' division. Mr. Wilson gives us Ma (Theresa Merritt) at the height of her fame. A mountain of glitter and feathers, she has become a despotic, temperamental star, complete with a retinue of flunkies, a fancy car and a kept young lesbian lover.
The evening's framework is a Paramount-label recording session that actually happened, but whose details and supporting players have been invented by the author. As the action swings between the studio and the band's warm-up room - designed by Charles Henry McClennahan as if they might be the festering last- chance saloon of ''The Iceman Cometh'' - Ma and her four accompanying musicians overcome various mishaps to record ''Ma Rainey's Black Bottom'' and other songs. During the delays, the band members smoke reefers, joke around and reminisce about past gigs on a well-traveled road stretching through whorehouses and church socials from New Orleans to Fat Back, Ark.
The musicians' speeches are like improvised band solos - variously fiz ...
https://fitsmallbusiness.com/employee-compensation-plan/
The puzzle of motivation | Dan Pink [Video file]. Retrieved from https://www.youtube.com/watch?v=rrkrvAUbU9Y
Refining the total rewards package through employee input at MillerCoors [Video file]. Retrieved from https://www.youtube.com/watch?v=_I7nv0B4_NU&feature=youtu.be
How to design an employee compensation plan [SlideShare slides]. Retrieved from http://www.slideshare.net/FitSmallBusiness/how-to-design-a-compensation-plan-dave?ref=http://fitsmallbusiness.com/how-to-pay-employees/
Compensation strategies [Video file]. Retrieved from https://youtu.be/U2wjvBigs7w
· Expectations for Power Point Presentations in Units IV and V
I would like to provide information about what needs to be included in presentations. Please review the rubric prior to submitting any assignment. If you don't know where to find this, please contact me.
1. You need a title slide.
2. You need an overview of the presentation slide (slide after the title slide). This is how you would organize a presentation if you were presenting it at work.
3. You need a summary slide (before the reference slide); same reason as above.
4. Please do not forget to cite on slides where you are writing about something related to what you have read. Please consider each slide a paragraph. You can cite on the slides or in the notes. If you do not cite, you will not get credit for the slide.
- Direct quotes should not be used in this presentation as they are not analysis.
5. Remember, all I can evaluate is what you submit, so please consider using notes to explain what you are writing in further detail. Bullets are great and you can use these but then provide more detail in the notes.
6. Graphics - Please include graphics/charts/graphs as this is evaluated in the rubric (quality of the presentation).
7. References - For all references, you need citations. For all citations, you need references. They must match. All must be formatted using APA requirements. Please review the Quick Reference Guide that was posted in the announcements.
Please never hesitate to email me with any questions. If you need further clarification about feedback or if you do not agree with any of the feedback, please contact me. My door is always open.
Assignment 1
Positioning Statement and Motto
Use the provided information, as well as your own research, to assess one (1) of the stated brands (Tesla, SmoothieKing, Suave, or Nintendo) by completing the questions below with an ORIGINAL response to each. At the end of the worksheet, be sure to develop a new ORIGINAL positioning statement and motto for the brand you selected. Submit the completed template in the Week 4 assignment submission link.
Name:
Professor’s Name:
Course Title:
Date:
Company/Brand Selected (Tesla, SmoothieKing, Suave or Nintendo):
1. Target Customers/Users
Who are the target customers for the company/brand? Make sure you tell why you selected each item that you did. (NOTE: DO NO ...
http://hps.org/documents/pregnancy_fact_sheet.pdf
https://www.asge.org/docs/default-source/education/practice_guidelines/doc-5c7150fd-910a-4181-89bf-bc697b369103.pdf?sfvrsn=6
http://hps.org/hpspublications/articles/pregnancyandradiationexposureinfosheet.html
Data Science
and
Big Data Analytics
Chapter 12: The Endgame, or Putting It All Together
1
Chapter Contents
12.1 Communicating and Operationalizing an Analytics Project
12.2 Creating the Final Deliverables
Developing core material for multiple audiences, project goals, main findings, approach, model description, key points supported with data, model details, recommendations, tips on final presentation, providing technical specifications and code
12.3 Data Visualization Basics
Key points supported with data, evolution of a graph, common representation methods, how to clean up a graphic, additional considerations
Summary
2
12.1 Communicating and Operationalizing an Analytics Project
3
12.1 Communicating and Operationalizing an Analytics Project
Deliverables and Stakeholders
4
12.1 Communicating and Operationalizing an Analytics Project
Deliverables
General Deliverables – from Textbook
Presentation for Project Sponsors
Presentation for Analysts
Code
Technical Specifications
Deliverables For This Course
Presentation for Analysts – half hour per team, next week
Technical Paper for Research Day Conference
Submit CD – Presentation, Paper, Data or URL, Code
5
12.2 Creating the Final Deliverables
Case Study – Fictional Bank Churn Prediction
This section describes a scenario of a fictional bank and a churn prediction model of its customers
The analytic plan contains components that can be used as inputs for writing the final presentations
scope
underlying assumptions
modeling techniques
initial hypotheses
and key findings
6
12.2 Creating the Final Deliverables
Case Study – Fictional Bank Churn Prediction
7
12.2 Creating the Final Deliverables
Case Study – Fictional Bank Analytics Plan
8
12.2 Creating the Final Deliverables
12.2.1 Developing Core Material for Multiple Audiences
Some project components have dual use
Create core materials used for both analyst and business audiences
Three areas on the next slide used for both audiences
Sections after the following overview slide
12.2.2 – Project Goals
12.2.3 – Key Findings
12.2.4 – Approach
12.2.5 – Model Description
12.2.6 – Key Points Supported by Data
12.2.7 – Model Details
12.2.8 – Recommendations
12.2.9 – Additional Tips on the Final Presentation
12.2.10 – Providing Technical Specifications and Code
9
12.2 Creating the Final Deliverables
12.2.1 Developing Core Material for Multiple Audiences
10
12.2 Creating the Final Deliverables
12.2.2 Project Goals
The project goals portion of the final presentation is generally the same for sponsors and analysts
The project goals are described first to lay the groundwork for the solution and recommendations
Generally, the goals are agreed on earl ...
https://www.worldbank.org/en/country/vietnam/overview
-------------- Context ----------------
Vietnam’s development over the past 30 years has been remarkable. Economic and political reforms under Đổi Mới, launched in 1986, have spurred rapid economic growth, transforming what was then one of the world’s poorest nations into a lower middle-income country. Between 2002 and 2018, more than 45 million people were lifted out of poverty. Poverty rates declined sharply from over 70% to below 6% (US$3.2/day PPP), and GDP per capita increased by 2.5 times, standing over US$2,500 in 2018.
In the medium-term, Vietnam’s economic outlook is positive, despite signs of cyclical moderation in growth. After peaking at 7.1% in 2018, real GDP growth in 2019 is projected to slightly decelerate in 2019, led by weaker external demand and continued tightening of credit and fiscal policies. Real GDP growth is projected to remain robust at around 6.5% in 2020 and 2021. Annual headline inflation has been stable for the seven consecutive years – at single digits, trending towards 4% and below in recent years. The external balance remains under control and should continue to be financed by strong FDI inflows which reached almost US$18 billion in 2018 – accounting for almost 24% of total investment in the economy.
Vietnam is experiencing rapid demographic and social change. Its population reached 97 million in 2018 (up from about 60 million in 1986) and is expected to expand to 120 million before moderating around 2050. Today, 70% of the population is under 35 years of age, with a life expectancy of 76 years, the highest among countries in the region at similar income levels. But the population is rapidly aging. And an emerging middle class, currently accounting for 13% of the population, is expected to reach 26% by 2026.
Vietnam ranks 48 out of 157 countries on the human capital index (HCI), second in ASEAN behind Singapore. A Vietnamese child born today will be 67% as productive when she grows up as she could be if she enjoyed complete education and full health. Vietnam’s HCI is highest among middle-income countries, but there are some disparities within the country, especially for ethnic minorities. There would also be a need to upgrade the skill of the workforce to create productive jobs at a large scale in the future.
Over the last thirty years, the provision of basic services has significantly improved. Access of households to modern infrastructure services has increased dramatically. As of 2016, 99% of the population used electricity as their main source of lighting, up from 14 % in 1993. Access to clean water in rural areas has also improved, up from 17% in 1993 to 70% in 2016, while that figure for urban areas is above 95%.
Vietnam performs well on general education. Coverage and learning outcomes are high and equitably achieved in primary schools — evidenced by remarkably high scores in the Program for International Student Assessment (PISA) in 2012 and 2015, ...
HTML WEB Page solutionAbout.htmlQuantum PhysicsHomeServicesAbou.docxpooleavelina
HTML WEB Page solution/About.htmlQuantum PhysicsHomeServicesAboutContact Me
This website gives a detail inward look in quantam physics as it is a evolving field now-a-days and has many upcoming changes that is going to leave the world in shock. There has been a lot of confusion lately related to this topics in people so it is encourage that people visit this website and get to know more about this field and explore the horizons there is yet to come.
HTML WEB Page solution/FirstLastHomePage.htmlQuantum PhysicsHomeServicesAboutContact Me
Definition
Quantum mechanics is the part of material science identifying with the little.
It brings about what may have all the earmarks of being some extremely peculiar decisions about the physical world. At the size of particles and electrons, a significant number of the conditions of old style mechanics, which depict how things move at ordinary sizes and speeds, stop to be helpful. In traditional mechanics, objects exist in a particular spot at a particular time. Be that as it may, in quantum mechanics, protests rather exist in a fog of likelihood; they have a specific possibility of being at point An, another possibility of being at point B, etc.Three revolutionary principles
Quantum mechanics (QM) created over numerous decades, starting as a lot of questionable scientific clarifications of tests that the math of old style mechanics couldn't clarify. It started at the turn of the twentieth century, around a similar time that Albert Einstein distributed his hypothesis of relativity, a different numerical unrest in material science that portrays the movement of things at high speeds. In contrast to relativity, nonetheless, the sources of QM can't be credited to any one researcher. Or maybe, various researchers added to an establishment of three progressive rules that bit by bit picked up acknowledgment and exploratory confirmation somewhere in the range of 1900 and 1930. They are:
Quantized properties:
Certain properties, for example, position, speed and shading, can once in a while just happen in explicit, set sums, much like a dial that "clicks" from number to number. This tested a crucial presumption of old style mechanics, which said that such properties should exist on a smooth, ceaseless range. To portray the possibility that a few properties "clicked" like a dial with explicit settings, researchers begat the word "quantized".
Particles of light:
Light can now and again act as a molecule. This was at first met with unforgiving analysis, as it negated 200 years of trials indicating that light acted as a wave; much like waves on the outside of a quiet lake. Light acts comparatively in that it ricochets off dividers and twists around corners, and that the peaks and troughs of the wave can include or counteract. Included wave peaks bring about more splendid light, while waves that counterbalance produce obscurity. A light source can be thought of ...
https://www.vitalsource.com/products/comparative-criminal-justice-systems-harry-r-dammer-jay-s-v9781285630779
THE ASSIGNMENT IS BASED ON CHAPTER 1 (ONE)
Login : [email protected]
Password: Greekyogurt13!
1
3Defining the Problem
Rigina CochranMPA/593
August 19, 2019
Peter ReevesDefining the Problem
The health care system in Colorado is a composition of medical professionals providing services such as diagnosis, treatment, as well as preventive measures to mental illness and injuries ("Healthcare policy in Colorado - Ballotpedia," 2019). Health care policy involves the establishment and implementation of legislation and other regulations that the states use to manage its health care system effectively. Further, this sector consists of other participants, such as insurance and health information technology. The cost citizens pay for medical care and also the access to quality care influence the overall health care providers in Colorado. Therefore, the need for the creation and implementation of laws that help the state maintain efficiency in the health sector in Colorado.
Problem Statement
The declining standards of medical care within the United States has caused significant concern in the world. Due to these rising concerns, there have been various policies implemented, leading to mixed reactions among the different states. Some of the active policies implemented offer a long-term solution to this problem including Medicaid and Medicare. After acquiring state control, the Republicans dismissed the idea to expand and create medical insurance for Medicaid in Colorado. Sustaining the structure of the health care payroll calls for the deductions from the employees and the employers, which may lead to loss of jobs and increased burden of expenditure (Garcia, 2019).
Identify the Methodology
The main objective of this policy plan is to investigate the role of legislation in the management of the health care sector in the United States. Due to the need for achieving in-depth exploration, this paper uses a combination of both qualitative and quantitative methods of data collection by addressing both practical and theoretical aspects of the research. Based on the answers that the policy requires, choosing survey as the research design. This method involves collecting and analyzing data from a few people who represent the principal group within health care. However, the survey method faces some challenges such as attitudes and perception of the health workers leading to the delimitation of the study. The target population for the study includes the nurses within the health sectors in Colorado. The selection of the participants involved in the use of stratified random sampling.
Identify your Stakeholders
The major stakeholders in the creation and implementation of the policy plan include the legislatures, local government, patients, and other private parties such as the insurance companies. Collectively, these bodies are involved in the makin ...
https://www.nationaleatingdisorders.org/learn/by-eating-disorder/arfid
AVOIDANT RESTRICTIVE FOOD INTAKE DISORDER (ARFID)
Avoidant Restrictive Food Intake Disorder (ARFID) is a new diagnosis in the DSM-5, and was previously referred to as “Selective Eating Disorder.” ARFID is similar to anorexia in that both disorders involve limitations in the amount and/or types of food consumed, but unlike anorexia, ARFID does not involve any distress about body shape or size, or fears of fatness.
Although many children go through phases of picky or selective eating, a person with ARFID does not consume enough calories to grow and develop properly and, in adults, to maintain basic body function. In children, this results in stalled weight gain and vertical growth; in adults, this results in weight loss. ARFID can also result in problems at school or work, due to difficulties eating with others and extended times needed to eat.
DIAGNOSTIC CRITERIA
According to the DSM-5, ARFID is diagnosed when:
· An eating or feeding disturbance (e.g., apparent lack of interest in eating or food; avoidance based on the sensory characteristics of food; concern about aversive consequences of eating) as manifested by persistent failure to meet appropriate nutritional and/or energy needs associated with one (or more) of the following:
· Significant weight loss (or failure to achieve expected weight gain or faltering growth in children).
· Significant nutritional deficiency.
· Dependence on enteral feeding or oral nutritional supplements.
· Marked interference with psychosocial functioning.
· The disturbance is not better explained by lack of available food or by an associated culturally sanctioned practice.
· The eating disturbance does not occur exclusively during the course of anorexia nervosa or bulimia nervosa, and there is no evidence of a disturbance in the way in which one’s body weight or shape is experienced.
· The eating disturbance is not attributable to a concurrent medical condition or not better explained by another mental disorder. When the eating disturbance occurs in the context of another condition or disorder, the severity of the eating disturbance exceeds that routinely associated with the condition or disorder and warrants additional clinical attention.
RISK FACTORS
As with all eating disorders, the risk factors for ARFID involve a range of biological, psychological, and sociocultural issues. These factors may interact differently in different people, which means two people with the same eating disorder can have very diverse perspectives, experiences, and symptoms. Researchers know much less about what puts someone at risk of developing ARFID, but here’s what they do know:
· People with autism spectrum conditions are much more likely to develop ARFID, as are those with ADHD and intellectual disabilities.
· Children who don’t outgrow normal picky eating, or in whom picky eating is severe, appear to be more likely to develop ARFID.
· Many children with ARFID ...
https://www.youtube.com/watch?time_continue=59&v=Bh_oEYX1zNM&feature=emb_logo
BA 325 Pivot Table Assignment Answer Sheet
Name:
Before you do anything fill out your name on the assignment and save your file as BA325 Firstname Lastname (use your actual name).
The table has all of the questions from the DuPont Assignment. Fill in your answers to the questions in the corresponding cell in the Answer column. Below the table there is a spot for the Screen Clippings from both the Practice Assignment, and the DuPont Assignment.
After you have filled out all of the answers and Screen Clippings submit the file to the Assignments folder in D2L.
Q Number
Question
Answer
Q1
How much was American Airlines’ Net Revenues in 2013?
Q2
What was the Return on Equity for Apple in 2015?
Q3
Which company had the highest Net Income and in which year? What was the value?
Q4
Which company had the lowest Net Income and in which year? What was the value?
Q5
How many unique companies in your sample had Net Losses exceeding one billion dollars? Which companies, and what years?
Q6
What was the Sum of the Net Income for all companies in the sample for 2015?
Q7
Which company had the highest total Net Income over the three year period? What was the value?
Q8
Which company had the lowest total Net Income over the three year period? What was the value?
Q9
Which industry had the highest Average Profit Margin over the three year period? What was the value?
Q10
In which year was the Average Profit Margin the highest for the entire sample? What was the value?
Q11
For how many companies do you have Profit Margin ratio data in 2013?
Q12
For what Industry do you have the most Profit Margin ratio data in the sample? What was the value? For that Industry what year was the highest? What was the value?
Q13
Which Industry has the highest Average Asset Turnover over the three year period? What was the value?
Q14
Which of the remaining Industries has the highest Asset Turnover in 2014? What was the value?
Q15
Which Industry has the highest Average Financial Leverage over the three year period? What was the value?
Q16
Which Industry has the lowest Average Financial Leverage that does not include negative numbers in any year? What was the value?
Q17
What is the Average Financial Leverage for the Transportation Industry in 2013?
Note: The answer is odd. You will have to use Data Cleaning to resolve the issue.
Q18
Which Industry has the highest Average Return on Equity over the three year period and which company is the highest within that Industry? What are the values?
Q19
Which two companies in the Public Utilities Industry have the highest Average Return on Equity during the period? What are the values?
Q20
Which Industry had the largest decrease in Average Return on Equity between 2013 and 2014? What was the value?
Q21
Which Industry had the largest increase in Average Return on Equity between 2014 and 2015? What was the value?
Q22
Bonus Question 1: How many industrie ...
https://www.fbi.gov/news/pressrel/press-releases/fbi-expects-a-rise-in-scams-involving-cryptocurrency-related-to-the-covid-19-pandemic
https://www.coindesk.com/bitcoin-bulls-trillions-coronavirus-aid
https://www.forbes.com/sites/walterpavlo/2020/02/25/crime-and-punishment-in-the-cryptocurrency-world/#62232a6748fe
Running head: Bitcoin as a cryptocurrency 1
Bitcoin as a cryptocurrency 8Bitcoin as a Cryptocurrency of Misconduct
Roger F. Lewis
Miami Dade College-North Campus
June 5, 2019
Bitcoin as a Cryptocurrency of Misconduct
In the expansion of cryptocurrencies in particular bitcoins have resulted in providing clients with exceptional advantages, the advantages in this matter have not had their hazards and struggles. In the peculiar free mode in the cryptocurrency arcade, it has been in constant misuse and linked to several illegal activities. Lawmakers globally repetitively stumble upon this very position (Anon,2019). The tendency on allowing a market to settle on its fosters this activity as the lawmakers tend to abstain from events of the market. They cannot also sit by and enable misconduct behaviors to foster in the markets. Tracking the cryptocurrency action has proved to be much more complicated than the standard plugged-in transactions. The bottom line is that these transactions occur globally has established a headache to try and monitor this particular field. The release of the bitcoin in the year two thousand and nine as the world’s pioneer and most profound mode of cryptocurrency was a breakthrough in the industry. Cryptocurrency, on the other hand, is the mode of exchange that occurs only in the digital dimension. Cryptocurrency uses complex codes as a skill of protecting data. Thus, monetary transactions are carried out most safely (Anon,2019). A public ledger is used to know the actual owner of a particular cryptocurrency.
Assets in the digital market portray distinctive characteristics –delegation, simple connections between members as well as the relative use of modern technology, many have the thought or mindset that in time bitcoins will be used as a forthcoming currency. To understand the illegal uses of bitcoins we must first address the non-illegal activities in this field. As earlier stated, there is a possibility that the bitcoins will indeed replace the current custom. One can lawfully use bid coins in the following areas; travels, to pay tuition fee for institutions and can be used as an alternative where the standards of payment are online. The above depicts numerous ways can use bitcoins to settle their bills. The difference in value between the bitcoins and the traditional currency leads to individuals opting to use the bitcoins for exchange in cases or scenarios where a high exchange rate is noted, and alternatively, the opposite is exact. Chargebacks risk is reduced in the event of using bitcoins, therefore easing access to the broader market for traders. In the event of unlawful trades, both ends to ...
The Art Pastor's Guide to Sabbath | Steve ThomasonSteve Thomason
What is the purpose of the Sabbath Law in the Torah. It is interesting to compare how the context of the law shifts from Exodus to Deuteronomy. Who gets to rest, and why?
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Operation “Blue Star” is the only event in the history of Independent India where the state went into war with its own people. Even after about 40 years it is not clear if it was culmination of states anger over people of the region, a political game of power or start of dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from main stream due to denial of their just demands during a long democratic struggle since independence. As it happen all over the word, it led to militant struggle with great loss of lives of military, police and civilian personnel. Killing of Indira Gandhi and massacre of innocent Sikhs in Delhi and other India cities was also associated with this movement.
Palestine last event orientationfvgnh .pptxRaedMohamed3
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
How to Create Map Views in the Odoo 17 ERPCeline George
The map views are useful for providing a geographical representation of data. They allow users to visualize and analyze the data in a more intuitive manner.
1. https://www.huffpost.com/entry/online-dating-vs-
offline_b_4037867
For your initial post, provide a sentence to share which article
you are referring to so that you can best communicate with your
peers. Include a link to your selection.
· Explain how the argument contains or avoids bias.
i. Provide specific examples to support your explanation.
ii. What assumptions does it make?
· Discuss the credibility of the overall argument.
i. Were the resources the argument was built upon credible?
ii. Does the credibility support or undermine the article’s claims
in any important ways?
In response to your peers, provide an additional resource to
support or refute the argument your peer makes. Do you agree
with their claims of credibility? Are there any other possible
bias not identified?
Response #1
Allysa Tantala posted Sep 22, 2019 10:17 PM
Subscribe
The article that I am looking at is Online Dating Vs. Offline
Dating: Pros and Cons.It was written by Julie Spira, an online
dating expert, bestselling author, and CEO of Cyber-Dating
Expert. The name of the article is spot on in describing what it
is about. The author goes through the pros and cons of dating
online and offline in today’s day and age. The author avoids
bias because she looks at both options in both their positive and
negative attributes. She comes at the issues from both angles
and I believe she does a very good job at remaining unbiased.
She states that “if you're serious about meeting someone
special, you must include a combination of both online and
offline dating in your routine” (Spira, 2013, par. 18). She’s
stating that both options have their pros and cons and that really
2. a combination of both is needed to find someone. The only bias
I could see anyone pointing out would be that she is a woman,
so you do not get the male perspective on these things. That
being said, I one hundred percent think she covers all of the
questions people may have about online and offline dating in
today’s world. The only assumption being made here is that the
reader wants to be out in the dating world and they need to
know what is best. But, the title of the article is pretty self-
explanatory so if someone did not want to know these things,
they would not have to waste their time reading it all because
they could tell what it would be about by the title.
The resource that she used was herself, and like I stated above,
she is an online dating expert, bestselling author, and CEO of
Cyber-Dating Expert; so she is more than qualified to give her
perspective on these issues. I find her to be credible and thought
provoking. Her credibility supports everything the article says
and makes the reader feel like they are being told the truth by
someone who completely understands all of the pros and cons.
Resource:
Spira, J. (2013, December 3). Online Dating Vs. Offline Dating:
Pros and Cons. Retrieved
from https://www.huffpost.com/entry/online-dating-vs-
offline_b_4037867
Response #2
Jennifer Caforio posted Sep 22, 2019 3:07 PM
Subscribe
Hello all,
I chose to look at online vs. offline dating. The article I will be
looking at is Online Dating Vs. Offline Dating: Pros and Cons.
The article I have selected avoids bias. It does this by offering
pros and cons of both dating platforms. She does not claim that
one is better, rather, they are both very important to today’s
society when looking for a partner (Spira, 2013). Spira says “As
3. one who believes in casting a wide net, I tell singles that you
really need to do both. (Spira, 2013) I feel that this sentence
clears any bias of any dating platform. She also goes on to list
the pros and cons of online dating and the pros and cons on
traditional dating. The listing of both platforms shows the
reader the complete picture, this can lead the reader to decide
independently.
This article makes the assumption that online dating is just as
important as offline dating. This platform is valuable and
useful. Although this article is well written and contains no bias
it is not very credible. It does express valuable and sensible
claims; however, it does not support them. the resources in the
article were not credible in that no other resources are listed.
Julia Spira lists herself as an online dating expert, she does
appear to have many years’ experience in the area. She
references (in general) other dating experts or sites that agree
with her views, she does not list them with a name or title of
works published. The credibility of this article undermines the
argument’s claims by not listing any other credible resources on
the subject. Although she presents logical thinking and non-bias
testimony it appears it is the opinion of only herself.
Resources
Spira, J. (2013, December 3). Online Dating Vs. Offline Dating:
Pros and Cons. Retrieved from
https://www.huffpost.com/entry/online-dating-vs-
offline_b_4037867
www.it-ebooks.info
http://www.it-ebooks.info/
5. Published simultaneously in Canada
ISBN: 978-1-118-80999-0
ISBN: 978-1-118-82269-2 (ebk)
ISBN: 978-1-118-81005-7 (ebk)
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
No part of this publication may be reproduced, stored in a
retrieval system or transmitted in any form or
by any means, electronic, mechanical, photocopying, recording,
scanning or otherwise, except as permitted
under Sections 107 or 108 of the 1976 United States Copyright
Act, without either the prior written permis-
sion of the Publisher, or authorization through payment of the
appropriate per-copy fee to the Copyright
Clearance Center, 222 Rosewood Drive, Danvers, MA 01923,
(978) 750-8400, fax (978) 646-8600. Requests to
the Publisher for permission should be addressed to the
Permissions Department, John Wiley & Sons, Inc.,
111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax
(201) 748-6008, or online at http://www.wiley
.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and
6. the author make no representations or
warranties with respect to the accuracy or completeness of the
contents of this work and specifi cally disclaim
all warranties, including without limitation warranties of fi
tness for a particular purpose. No warranty may
be created or extended by sales or promotional materials. The
advice and strategies contained herein may not
be suitable for every situation. This work is sold with the
understanding that the publisher is not engaged in
rendering legal, accounting, or other professional services. If
professional assistance is required, the services
of a competent professional person should be sought. Neither
the publisher nor the author shall be liable for
damages arising herefrom. The fact that an organization or Web
site is referred to in this work as a citation
and/or a potential source of further information does not mean
that the author or the publisher endorses
the information the organization or website may provide or
recommendations it may make. Further, readers
should be aware that Internet websites listed in this work may
have changed or disappeared between when
this work was written and when it is read.
For general information on our other products and services
please contact our Customer Care Department
7. within the United States at (877) 762-2974, outside the United
States at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and
by print-on-demand. Some material included
with standard print versions of this book may not be included in
e-books or in print-on-demand. If this book
refers to media such as a CD or DVD that is not included in the
version you purchased, you may download
this material at http://booksupport.wiley.com. For more
information about Wiley products,
visit www.wiley.com.
Library of Congress Control Number: 2013954095
Trademarks: Wiley and the Wiley logo are trademarks or
registered trademarks of John Wiley & Sons, Inc.
and/or its affi liates, in the United States and other countries,
and may not be used without written permission.
All other trademarks are the property of their respective owners.
John Wiley & Sons, Inc. is not associated
with any product or vendor mentioned in this book.
www.it-ebooks.info
http://www.it-ebooks.info/
ffi rs.indd 12:57:18:PM 01/17/2014 Page iii
For all those striving to deliver more secure systems
8. www.it-ebooks.info
http://www.it-ebooks.info/
iv
ffi rs.indd 12:57:18:PM 01/17/2014 Page iv
Credits
Executive Editor
Carol Long
Project Editors
Victoria Swider
Tom Dinse
Technical Editor
Chris Wysopal
Production Editor
Christine Mugnolo
Copy Editor
Luann Rouff
Editorial Manager
Mary Beth Wakefi eld
Freelancer Editorial Manager
Rosemarie Graham
Associate Director of Marketing
9. David Mayhew
Marketing Manager
Ashley Zurcher
Business Manager
Amy Knies
Vice President and Executive
Group Publisher
Richard Swadley
Associate Publisher
Jim Minatel
Project Coordinator, Cover
Todd Klemme
Technical Proofreader
Russ McRee
Proofreader
Nancy Carrasco
Indexer
Robert Swanson
Cover Image
Courtesy of Microsoft
Cover Designer
Wiley
www.it-ebooks.info
http://www.it-ebooks.info/
10. v
ffi rs.indd 12:57:18:PM 01/17/2014 Page v
Adam Shostack is currently a program manager at Microsoft.
His security roles there have included security development
processes, usable security, and attack modeling. His attack-
modeling work led to security updates for Autorun being
delivered to hundreds of millions of computers. He shipped
the SDL Threat Modeling Tool and the Elevation of Privilege
threat modeling game. While doing security development
process work, he delivered threat modeling training across
Microsoft and its partners and customers.
Prior to Microsoft, he has been an executive at a number of
successful
information security and privacy startups. He helped found the
CVE, the
Privacy Enhancing Technologies Symposium and the
International Financial
Cryptography Association. He has been a consultant to banks,
hospitals and
startups and established software companies. For the fi rst
several years of his
11. career, he was a systems manager for a medical research lab.
Shostack is a
prolifi c author, blogger, and public speaker. With Andrew
Stewart, he co-authored
The New School of Information Security (Addison-Wesley,
2008).
About the Author
www.it-ebooks.info
http://www.it-ebooks.info/
vi
ffi rs.indd 12:57:18:PM 01/17/2014 Page vi
Chris Wysopal, Veracode’s CTO and Co-Founder, is responsible
for the company’s
software security analysis capabilities. In 2008 he was named
one of InfoWorld’s
Top 25 CTO’s and one of the 100 most infl uential people in IT
by eWeek. One of
the original vulnerability researchers and a member of L0pht
Heavy Industries,
he has testifi ed on Capitol Hill in the US on the subjects of
government computer
security and how vulnerabilities are discovered in software. He
12. is an author of
L0phtCrack and netcat for Windows. He is the lead author of
The Art of Software
Security Testing (Addison-Wesley, 2006).
About the Technical Editor
www.it-ebooks.info
http://www.it-ebooks.info/
vii
ffi rs.indd 12:57:18:PM 01/17/2014 Page vii
First and foremost, I’d like to thank countless engineers at
Microsoft and else-
where who have given me feedback about their experiences
threat modeling. I
wouldn’t have had the opportunity to have so many open and
direct conversa-
tions without the support of Eric Bidstrup and Steve Lipner,
who on my fi rst
day at Microsoft told me to go “wallow in the problem for a
while.” I don’t
think either expected “a while” to be quite so long. Nearly eight
years later with
countless deliverables along the way, this book is my most
13. complete answer to
the question they asked me: “How can we get better threat
models?”
Ellen Cram Kowalczyk helped me make the book a reality in the
Microsoft
context, gave great feedback on both details and aspects that
were missing, and
also provided a lot of the history of threat modeling from the fi
rst security pushes
through the formation of the SDL, and she was a great manager
and mentor.
Ellen and Steve Lipner were also invaluable in helping me
obtain permission
to use Microsoft documents.
The Elevation of Privilege game that opens this book owes
much to Jacqueline
Beauchere, who saw promise in an ugly prototype called
“Threat Spades,” and
invested in making it beautiful and widely available.
The SDL Threat Modeling Tool might not exist if Chris
Peterson hadn’t given
me a chance to build a threat modeling tool for the Windows
team to use. Ivan
Medvedev, Patrick McCuller, Meng Li, and Larry Osterman
14. built the fi rst version
of that tool. I’d like to thank the many engineers in Windows,
and later across
Microsoft, who provided bug reports and suggestions for
improvements in the
beta days, and acknowledge all those who just fl amed at us,
reminding us of the
importance of getting threat modeling right. Without that tool,
my experience
and breadth in threat modeling would be far poorer.
Larry Osterman, Douglas MacIver, Eric Douglas, Michael
Howard, and Bob
Fruth gave me hours of their time and experience in
understanding threat
Acknowledgments
www.it-ebooks.info
http://www.it-ebooks.info/
viii Acknowledgments
ffi rs.indd 12:57:18:PM 01/17/2014 Page viii
modeling at Microsoft. Window Snyder’s perspective as I
started the Microsoft
15. job has been invaluable over the years. Knowing when you’re
done . . . well,
this book is nearly done.
Rob Reeder was a great guide to the fi eld of usable security,
and Chapter 15
would look very different if not for our years of collaboration. I
can’t discuss
usable security without thanking Lorrie Cranor for her help on
that topic; but
also for the chance to keynote the Symposium on Usable
Privacy and Security,
which led me to think about usable engineering advice, a
perspective that is
now suffused throughout this book.
Andy Stiengrubel, Don Ankney, and Russ McRee all taught me
important
lessons related to operational threat modeling, and how the
trade-offs change
as you change context. Guys, thank you for beating on me—
those lessons now
permeate many chapters. Alec Yasinac, Harold Pardue, and Jeff
Landry were
generous with their time discussing their attack tree experience,
and Chapters
16. 4 and 17 are better for those conversations. Joseph Lorenzo Hall
was also a gem
in helping with attack trees. Wendy Nather argued strongly that
assets and
attackers are great ways to make threats real, and thus help
overcome resistance
to fi xing them. Rob Sama checked the Acme fi nancials
example from a CPA’s
perspective, correcting many of my errors. Dave Awksmith
graciously allowed
me to include his threat personas as a complete appendix. Jason
Nehrboss gave
me some of the best feedback I’ve ever received on very early
chapters.
I’d also like to acknowledge Jacob Appelbaum, Crispin Cowan,
Dana Epp (for
years of help, on both the book and tools), Jeremi Gosney,
Yoshi Kohno, David
LeBlanc, Marsh Ray, Nick Mathewson, Tamara McBride, Russ
McRee, Talhah
Mir, David Mortman, Alec Muffet, Ben Rothke, Andrew
Stewart, and Bryan
Sullivan for helpful feedback on drafts and/or ideas that made it
into the book
17. in a wide variety of ways.
Of course, none of those acknowledged in this section are
responsible for the
errors which doubtless crept in or remain.
Writing this book “by myself” (an odd phrase given everyone
I’m acknowl-
edging) makes me miss working with Andrew Stewart, my
partner in writing
on The New School of Information Security. Especially since
people sometimes
attribute that book to me, I want to be public about how much I
missed his
collaboration in this project.
This book wouldn’t be in the form it is were it not for Bruce
Schneier’s will-
ingness to make an introduction to Carol Long, and Carol’s
willingness to pick
up the book. It wasn’t always easy to read the feedback and
suggested changes
from my excellent project editor, Victoria Swider, but this thing
is better where I
did. Tom Dinse stepped in as the project ended and masterfully
took control of a
very large number of open tasks, bringing them to resolution on
18. a tight schedule.
Lastly, and most importantly, thank you to Terri, for all your
help, support,
and love, and for putting up with “it’s almost done” for a very,
very long time.
—Adam Shostack
www.it-ebooks.info
http://www.it-ebooks.info/
ix
ftoc.indd 11:56:7:AM 01/17/2014 Page ix
Introduction xxi
Part I Getting Started 1
Chapter 1 Dive In and Threat Model! 3
Learning to Threat Model 4
What Are You Building? 5
What Can Go Wrong? 7
Addressing Each Threat 12
Checking Your Work 24
Threat Modeling on Your Own 26
Checklists for Diving In and Threat Modeling 27
19. Summary 28
Chapter 2 Strategies for Threat Modeling 29
“What’s Your Threat Model?” 30
Brainstorming Your Threats 31
Brainstorming Variants 32
Literature Review 33
Perspective on Brainstorming 34
Structured Approaches to Threat Modeling 34
Focusing on Assets 36
Focusing on Attackers 40
Focusing on Software 41
Models of Software 43
Types of Diagrams 44
Trust Boundaries 50
What to Include in a Diagram 52
Complex Diagrams 52
Labels in Diagrams 53
Contents
www.it-ebooks.info
http://www.it-ebooks.info/
20. x Contents
ftoc.indd 11:56:7:AM 01/17/2014 Page x
Color in Diagrams 53
Entry Points 53
Validating Diagrams 54
Summary 56
Part II Finding Threats 59
Chapter 3 STRIDE 61
Understanding STRIDE and Why It’s Useful 62
Spoofing Threats 64
Spoofing a Process or File on the Same Machine 65
Spoofing a Machine 66
Spoofing a Person 66
Tampering Threats 67
Tampering with a File 68
Tampering with Memory 68
Tampering with a Network 68
Repudiation Threats 68
Attacking the Logs 69
21. Repudiating an Action 70
Information Disclosure Threats 70
Information Disclosure from a Process 71
Information Disclosure from a Data Store 71
Information Disclosure from a Data Flow 72
Denial-of-Service Threats 72
Elevation of Privilege Threats 73
Elevate Privileges by Corrupting a Process 74
Elevate Privileges through Authorization Failures 74
Extended Example: STRIDE Threats against Acme-DB 74
STRIDE Variants 78
STRIDE-per-Element 78
STRIDE-per-Interaction 80
DESIST 85
Exit Criteria 85
Summary 85
Chapter 4 Attack Trees 87
Working with Attack Trees 87
Using Attack Trees to Find Threats 88
Creating New Attack Trees 88
22. Representing a Tree 91
Human-Viewable Representations 91
Structured Representations 94
Example Attack Tree 94
Real Attack Trees 96
Fraud Attack Tree 96
Election Operations Assessment Threat Trees 96
Mind Maps 98
www.it-ebooks.info
http://www.it-ebooks.info/
Contents xi
ftoc.indd 11:56:7:AM 01/17/2014 Page xi
Perspective on Attack Trees 98
Summary 100
Chapter 5 Attack Libraries 101
Properties of Attack Libraries 101
Libraries and Checklists 103
Libraries and Literature Reviews 103
CAPEC 104
Exit Criteria 106
23. Perspective on CAPEC 106
OWASP Top Ten 108
Summary 108
Chapter 6 Privacy Tools 111
Solove’s Taxonomy of Privacy 112
Privacy Considerations for
Internet Protocols 114
Privacy Impact Assessments (PIA) 114
The Nymity Slider and the Privacy Ratchet 115
Contextual Integrity 117
Contextual Integrity Decision Heuristic 118
Augmented Contextual Integrity Heuristic 119
Perspective on Contextual Integrity 119
LINDDUN 120
Summary 121
Part III Managing and Addressing Threats 123
Chapter 7 Processing and Managing Threats 125
Starting the Threat Modeling Project 126
When to Threat Model 126
What to Start and (Plan to) End With 128
Where to Start 128
Digging Deeper into Mitigations 130
24. The Order of Mitigation 131
Playing Chess 131
Prioritizing 132
Running from the Bear 132
Tracking with Tables and Lists 133
Tracking Threats 133
Making Assumptions 135
External Security Notes 136
Scenario-Specifi c Elements of
Threat Modeling 138
Customer/Vendor Trust Boundary 139
New Technologies 139
Threat Modeling an API 141
Summary 143
www.it-ebooks.info
http://www.it-ebooks.info/
xii Contents
ftoc.indd 11:56:7:AM 01/17/2014 Page xii
Chapter 8 Defensive Tactics and Technologies 145
25. Tactics and Technologies for Mitigating Threats 145
Authentication: Mitigating Spoofi ng 146
Integrity: Mitigating Tampering 148
Non-Repudiation: Mitigating Repudiation 150
Confi dentiality: Mitigating Information Disclosure 153
Availability: Mitigating Denial of Service 155
Authorization: Mitigating Elevation of Privilege 157
Tactic and Technology Traps 159
Addressing Threats with Patterns 159
Standard Deployments 160
Addressing CAPEC Threats 160
Mitigating Privacy Threats 160
Minimization 160
Cryptography 161
Compliance and Policy 164
Summary 164
Chapter 9 Trade-Off s When Addressing Threats 167
Classic Strategies for Risk Management 168
Avoiding Risks 168
Addressing Risks 168
26. Accepting Risks 169
Transferring Risks 169
Ignoring Risks 169
Selecting Mitigations for Risk Management 170
Changing the Design 170
Applying Standard Mitigation Technologies 174
Designing a Custom Mitigation 176
Fuzzing Is Not a Mitigation 177
Threat-Specifi c Prioritization Approaches 178
Simple Approaches 178
Threat-Ranking with a Bug Bar 180
Cost Estimation Approaches 181
Mitigation via Risk Acceptance 184
Mitigation via Business Acceptance 184
Mitigation via User Acceptance 185
Arms Races in Mitigation Strategies 185
Summary 186
Chapter 10 Validating That Threats Are Addressed 189
Testing Threat Mitigations 190
Test Process Integration 190
27. How to Test a Mitigation 191
Penetration Testing 191
www.it-ebooks.info
http://www.it-ebooks.info/
Contents xiii
ftoc.indd 11:56:7:AM 01/17/2014 Page xiii
Checking Code You Acquire 192
Constructing a Software Model 193
Using the Software Model 194
QA’ing Threat Modeling 195
Model/Reality Conformance 195
Task and Process Completion 196
Bug Checking 196
Process Aspects of Addressing Threats 197
Threat Modeling Empowers Testing;
Testing Empowers Threat Modeling 197
Validation/Transformation 197
Document Assumptions as You Go 198
Tables and Lists 198
Summary 202
28. Chapter 11 Threat Modeling Tools 203
Generally Useful Tools 204
Whiteboards 204
Offi ce Suites 204
Bug-Tracking Systems 204
Open-Source Tools 206
TRIKE 206
SeaMonster 206
Elevation of Privilege 206
Commercial Tools 208
ThreatModeler 208
Corporate Threat Modeller 208
SecurITree 209
Little-JIL 209
Microsoft’s SDL Threat Modeling Tool 209
Tools That Don’t Exist Yet 213
Summary 213
Part IV Threat Modeling in Technologies and Tricky Areas 215
Chapter 12 Requirements Cookbook 217
Why a “Cookbook”? 218
The Interplay of Requirements, Threats,
29. and Mitigations 219
Business Requirements 220
Outshining the Competition 220
Industry Requirements 220
Scenario-Driven Requirements 221
Prevent/Detect/Respond as a Frame
for Requirements 221
Prevention 221
Detection 225
www.it-ebooks.info
http://www.it-ebooks.info/
xiv Contents
ftoc.indd 11:56:7:AM 01/17/2014 Page xiv
Response 225
People/Process/Technology as a Frame
for Requirements 227
People 227
Process 228
Technology 228
30. Development Requirements vs. Acquisition Requirements 228
Compliance-Driven Requirements 229
Cloud Security Alliance 229
NIST Publication 200 230
PCI-DSS 231
Privacy Requirements 231
Fair Information Practices 232
Privacy by Design 232
The Seven Laws of Identity 233
Microsoft Privacy Standards for Development 234
The STRIDE Requirements 234
Authentication 235
Integrity 236
Non-Repudiation 237
Confi dentiality 238
Availability 238
Authorization 239
Non-Requirements 240
Operational Non-Requirements 240
Warnings and Prompts 241
31. Microsoft’s “10 Immutable Laws” 241
Summary 242
Chapter 13 Web and Cloud Threats 243
Web Threats 243
Website Threats 244
Web Browser and Plugin Threats 244
Cloud Tenant Threats 246
Insider Threats 246
Co-Tenant Threats 247
Threats to Compliance 247
Legal Threats 248
Threats to Forensic Response 248
Miscellaneous Threats 248
Cloud Provider Threats 249
Threats Directly from Tenants 249
Threats Caused by Tenant Behavior 250
Mobile Threats 250
Summary 251
www.it-ebooks.info
http://www.it-ebooks.info/
32. Contents xv
ftoc.indd 11:56:7:AM 01/17/2014 Page xv
Chapter 14 Accounts and Identity 253
Account Life Cycles 254
Account Creation 254
Account Maintenance 257
Account Termination 258
Account Life-Cycle Checklist 258
Authentication 259
Login 260
Login Failures 262
Threats to “What You Have” 263
Threats to “What You Are” 264
Threats to “What You Know” 267
Authentication Checklist 271
Account Recovery 271
Time and Account Recovery 272
E-mail for Account Recovery 273
Knowledge-Based Authentication 274
33. Social Authentication 278
Attacker-Driven Analysis of
Account Recovery 280
Multi-Channel Authentication 281
Account Recovery Checklist 281
Names, IDs, and SSNs 282
Names 282
Identity Documents 285
Social Security Numbers and Other
National Identity Numbers 286
Identity Theft 289
Names, IDs, and SSNs Checklist 290
Summary 290
Chapter 15 Human Factors and Usability 293
Models of People 294
Applying Behaviorist Models of People 295
Cognitive Science Models of People 297
Heuristic Models of People 302
Models of Software Scenarios 304
34. Modeling the Software 304
Diagramming for Modeling the Software 307
Modeling Electronic Social Engineering Attacks 309
Threat Elicitation Techniques 311
Brainstorming 311
The Ceremony Approach to Threat Modeling 311
Ceremony Analysis Heuristics 312
Integrating Usability into the Four-Stage Framework 315
www.it-ebooks.info
http://www.it-ebooks.info/
xvi Contents
ftoc.indd 11:56:7:AM 01/17/2014 Page xvi
Tools and Techniques for Addressing
Human Factors 316
Myths That Inhibit Human Factors Work 317
Design Patterns for Good Decisions 317
Design Patterns for a Kind Learning
Environment 320
User Interface Tools and Techniques 322
35. Confi guration 322
Explicit Warnings 323
Patterns That Grab Attention 325
Testing for Human Factors 327
Benign and Malicious Scenarios 328
Ecological Validity 328
Perspective on Usability and Ceremonies 329
Summary 331
Chapter 16 Threats to Cryptosystems 333
Cryptographic Primitives 334
Basic Primitives 334
Privacy Primitives 339
Modern Cryptographic Primitives 339
Classic Threat Actors 341
Attacks against Cryptosystems 342
Building with Crypto 346
Making Choices 346
Preparing for Upgrades 346
Key Management 346
Authenticating before Decrypting 348
Things to Remember about Crypto 348
36. Use a Cryptosystem Designed by Professionals 348
Use Cryptographic Code Built and Tested by Professionals 348
Cryptography Is Not Magic Security Dust 349
Assume It Will All Become Public 349
You Still Need to Manage Keys 349
Secret Systems: Kerckhoffs and His Principles 349
Summary 351
Part V Taking It to the Next Level 353
Chapter 17 Bringing Threat Modeling to Your Organization 355
How To Introduce Threat Modeling 356
Convincing Individual Contributors 357
Convincing Management 358
Who Does What? 359
Threat Modeling and Project Management 359
www.it-ebooks.info
http://www.it-ebooks.info/
Contents xvii
ftoc.indd 11:56:7:AM 01/17/2014 Page xvii
Prerequisites 360
37. Deliverables 360
Individual Roles and Responsibilities 362
Group Interaction 363
Diversity in Threat Modeling Teams 367
Threat Modeling within a Development Life Cycle 367
Development Process Issues 368
Organizational Issues 373
Customizing a Process for Your Organization 378
Overcoming Objections to Threat Modeling 379
Resource Objections 379
Value Objections 380
Objections to the Plan 381
Summary 383
Chapter 18 Experimental Approaches 385
Looking in the Seams 386
Operational Threat Models 387
FlipIT 388
Kill Chains 388
The “Broad Street” Taxonomy 392
Adversarial Machine Learning 398
Threat Modeling a Business 399
38. Threats to Threat Modeling Approaches 400
Dangerous Deliverables 400
Enumerate All Assumptions 400
Dangerous Approaches 402
How to Experiment 404
Defi ne a Problem 404
Find Aspects to Measure and Measure Them 404
Study Your Results 405
Summary 405
Chapter 19 Architecting for Success 407
Understanding Flow 407
Flow and Threat Modeling 409
Stymieing People 411
Beware of Cognitive Load 411
Avoid Creator Blindness 412
Assets and Attackers 412
Knowing the Participants 413
Boundary Objects 414
The Best Is the Enemy of the Good 415
Closing Perspectives 416
“The Threat Model Has Changed” 417
39. www.it-ebooks.info
http://www.it-ebooks.info/
xviii Contents
ftoc.indd 11:56:7:AM 01/17/2014 Page xviii
On Artistry 418
Summary 419
Now Threat Model 420
Appendix A Helpful Tools 421
Common Answers to “What’s Your Threat Model?” 421
Network Attackers 421
Physical Attackers 422
Attacks against People 423
Supply Chain Attackers 423
Privacy Attackers 424
Non-Sentient “Attackers” 424
The Internet Threat Model 424
Assets 425
Computers as Assets 425
40. People as Assets 426
Processes as Assets 426
Intangible Assets 427
Stepping-Stone Assets 427
Appendix B Threat Trees 429
STRIDE Threat Trees 430
Spoofi ng an External Entity (Client/ Person/Account) 432
Spoofi ng a Process 438
Spoofi ng of a Data Flow 439
Tampering with a Process 442
Tampering with a Data Flow 444
Tampering with a Data Store 446
Repudiation against a Process (or by an External Entity) 450
Repudiation, Data Store 452
Information Disclosure from a Process 454
Information Disclosure from a Data Flow 456
Information Disclosure from a Data Store 459
Denial of Service against a Process 462
Denial of Service against a Data Flow 463
41. Denial of Service against a Data Store 466
Elevation of Privilege against a Process 468
Other Threat Trees 470
Running Code 471
Attack via a “Social” Program 474
Attack with Tricky Filenames 476
Appendix C Attacker Lists 477
Attacker Lists 478
Barnard’s List 478
Verizon’s Lists 478
OWASP 478
Intel TARA 479
www.it-ebooks.info
http://www.it-ebooks.info/
Contents xix
ftoc.indd 11:56:7:AM 01/17/2014 Page xix
Personas and Archetypes 480
Aucsmith’s Attacker Personas 481
Background and Defi nitions 481
Personas 484
42. David “Ne0phyate” Bradley – Vandal 484
JoLynn “NightLily” Dobney – Trespasser 486
Sean “Keech” Purcell – Defacer 488
Bryan “CrossFyre” Walton – Author 490
Lorrin Smith-Bates – Insider 492
Douglas Hite – Thief 494
Mr. Smith – Terrorist 496
Mr. Jones – Spy 498
Appendix D Elevation of Privilege: The Cards 501
Spoofi ng 501
Tampering 503
Repudiation 504
Information Disclosure 506
Denial of Service 507
Elevation of Privilege (EoP) 508
Appendix E Case Studies 511
The Acme Database 512
Security Requirements 512
Software Model 512
Threats and Mitigations 513
Acme’s Operational Network 519
Security Requirements 519
Operational Network 520
Threats to the Network 521
Phones and One-Time Token Authenticators 525
43. The Scenario 526
The Threats 527
Possible Redesigns 528
Sample for You to Model 528
Background 529
The iNTegrity Data Flow Diagrams 530
Exercises 531
Glossary 533
Bibliography 543
Index 567
www.it-ebooks.info
http://www.it-ebooks.info/
fl ast.indd 11:57:23:AM 01/17/2014 Page xx
www.it-ebooks.info
http://www.it-ebooks.info/
xxi
fl ast.indd 11:57:23:AM 01/17/2014 Page xxi
All models are wrong, some models are useful.
44. — George Box
This book describes the useful models you can employ to
address or mitigate
these potential threats. People who build software, systems, or
things with
software need to address the many predictable threats their
systems can face.
Threat modeling is a fancy name for something we all do
instinctively. If I
asked you to threat model your house, you might start by
thinking about the
precious things within it: your family, heirlooms, photos, or
perhaps your collec-
tion of signed movie posters. You might start thinking about the
ways someone
might break in, such as unlocked doors or open windows. And
you might start
thinking about the sorts of people who might break in, including
neighborhood
kids, professional burglars, drug addicts, perhaps a stalker, or
someone trying
to steal your Picasso original.
Each of these examples has an analog in the software world, but
45. for now,
the important thing is not how you guard against each threat,
but that you’re
able to relate to this way of thinking. If you were asked to help
assess a friend’s
house, you could probably help, but you might lack confi dence
in how complete
your analysis is. If you were asked to secure an offi ce complex,
you might have
a still harder time, and securing a military base or a prison
seems even more
diffi cult. In those cases, your instincts are insuffi cient, and
you’d need tools to
help tackle the questions. This book will give you the tools to
think about threat
modeling technology in structured and effective ways.
In this introduction, you’ll learn about what threat modeling is
and why indi-
viduals, teams, and organizations threat model. Those reasons
include fi nding
security issues early, improving your understanding of security
requirements,
and being able to engineer and deliver better products. This
introduction has
46. Introduction
www.it-ebooks.info
http://www.it-ebooks.info/
xxii Introduction
fl ast.indd 11:57:23:AM 01/17/2014 Page xxii
fi ve main sections describing what the book is about, including
a defi nition of
threat modeling and reasons it’s important; who should read this
book; how to
use it, and what you can expect to gain from the various parts,
and new lessons
in threat modeling.
What Is Threat Modeling?
Everyone threat models. Many people do it out of frustration in
line at the airport,
sneaking out of the house or into a bar. At the airport, you
might idly consider how
to sneak something through security, even if you have no intent
to do so. Sneaking
in or out of someplace, you worry about who might catch you.
When you speed
47. down the highway, you work with an implicit threat model
where the main threat
is the police, who you probably think are lurking behind a
billboard or overpass.
Threats of road obstructions, deer, or rain might play into your
model as well.
When you threat model, you usually use two types of models.
There’s a model
of what you’re building, and there’s a model of the threats
(what can go wrong).
What you’re building with software might be a website, a
downloadable program
or app, or it might be delivered in a hardware package. It might
be a distributed
system, or some of the “things” that will be part of the “Internet
of things.” You
model so that you can look at the forest, not the trees. A good
model helps you
address classes or groups of attacks, and deliver a more secure
product.
The English word threat has many meanings. It can be used to
describe a
person, such as “Osama bin Laden was a threat to America,” or
people, such
48. as “the insider threat.” It can be used to describe an event, such
as “There is
a threat of a hurricane coming through this weekend,” and it can
be used to
describe a weakness or possibility of attack, such as “What are
you doing about
confi dentiality threats?” It is also used to describe viruses and
malware such as
“This threat incorporates three different methods for
spreading.” It can be used
to describe behavior such as “There’s a threat of operator
error.”
Similarly, the term threat modeling has many meanings, and the
term threat
model is used in many distinct and perhaps incompatible ways,
including:
■ As a verb—for example, “Have you threat modeled?” That is,
have you
gone through an analysis process to fi gure out what might go
wrong with
the thing you’re building?
■ As a noun, to ask what threat model is being used. For
example, “Our
threat model is someone in possession of the machine,” or “Our
threat
49. model is a skilled and determined remote attacker.”
■ It can mean building up a set of idealized attackers.
■ It can mean abstracting threats into classes such as
tampering.
There are doubtless other defi nitions. All of these are useful in
various sce-
narios and thus correct, and there are few less fruitful ways to
spend your time
www.it-ebooks.info
http://www.it-ebooks.info/
Introduction xxiii
fl ast.indd 11:57:23:AM 01/17/2014 Page xxiii
than debating them. Arguing over defi nitions is a strange game,
and the only
way to win is not to play. This book takes a big tent approach to
threat model-
ing and includes a wide range of techniques you can apply early
to make what
you’re designing or building more secure. It will also address
the reality that
some techniques are more effective than others, and that some
50. techniques are
more likely to work for people with particular skills or
experience.
Threat modeling is the key to a focused defense. Without threat
models, you
can never stop playing whack-a-mole.
In short, threat modeling is the use of abstractions to aid in
thinking about
risks.
Reasons to Threat Model
In today’s fast-paced world, there is a tendency to streamline
development activ-
ity, and there are important reasons to threat model, which are
covered in this
section. Those include fi nding security bugs early,
understanding your security
requirements, and engineering and delivering better products.
Find Security Bugs Early
If you think about building a house, decisions you make early
will have dramatic
effects on security. Wooden walls and lots of ground-level
windows expose you
51. to more risks than brick construction and few windows. Either
may be a reason-
able choice, depending on where you’re building and other
factors. Once you’ve
chosen, changes will be expensive. Sure, you can put bars over
your windows,
but wouldn’t it be better to use a more appropriate design from
the start? The
same sorts of tradeoffs can apply in technology. Threat
modeling will help you
fi nd design issues even before you’ve written a line of code,
and that’s the best
time to fi nd those issues.
Understand Your Security Requirements
Good threat models can help you ask “Is that really a
requirement?” For example,
does the system need to be secure against someone in physical
possession of
the device? Apple has said yes for the iPhone, which is different
from the tradi-
tional world of the PC. As you fi nd threats and triage what
you’re going to do
with them, you clarify your requirements. With more clear
requirements, you
52. can devote your energy to a consistent set of security features
and properties.
There is an important interplay between requirements, threats,
and mitiga-
tions. As you model threats, you’ll fi nd that some threats don’t
line up with your
business requirements, and as such may not be worth
addressing. Alternately,
your requirements may not be complete. With other threats,
you’ll fi nd that
addressing them is too complex or expensive. You’ll need to
make a call between
www.it-ebooks.info
http://www.it-ebooks.info/
xxiv Introduction
fl ast.indd 11:57:23:AM 01/17/2014 Page xxiv
addressing them partially in the current version or accepting
(and communicat-
ing) that you can’t address those threats.
Engineer and Deliver Better Products
By considering your requirements and design early in the
53. process, you can
dramatically lower the odds that you’ll be re-designing, re-
factoring, or facing
a constant stream of security bugs. That will let you deliver a
better product on
a more predictable schedule. All the effort that would go to
those can be put
into building a better, faster, cheaper or more secure product.
You can focus on
whatever properties your customers want.
Address Issues Other Techniques Won’t
The last reason to threat model is that threat modeling will lead
you to catego-
ries of issues that other tools won’t fi nd. Some of these issues
will be errors of
omission, such as a failure to authenticate a connection. That’s
not something
that a code analysis tool will fi nd. Other issues will be unique
to your design.
To the extent that you have a set of smart developers building
something new,
you might have new ways threats can manifest. Models of what
goes wrong,
54. by abstracting away details, will help you see analogies and
similarities to
problems that have been discovered in other systems.
A corollary of this is that threat modeling should not focus on
issues that your
other safety and security engineering is likely to fi nd (except
insofar as fi nding
them early lets you avoid re-engineering). So if, for example,
you’re building a
product with a database, threat modeling might touch quickly on
SQL injection
attacks, and the variety of trust boundaries that might be
injectable. However,
you may know that you’ll encounter those. Your threat
modeling should focus
on issues that other techniques can’t fi nd.
Who Should Read This book?
This book is written for those who create or operate complex
technology. That’s
primarily software engineers and systems administrators, but it
also includes
a variety of related roles, including analysts or architects.
There’s also a lot of
55. information in here for security professionals, so this book
should be useful to
them and those who work with them. Different parts of the book
are designed
for different people—in general, the early chapters are for
generalists (or special-
ists in something other than security), while the end of the book
speaks more
to security specialists.
www.it-ebooks.info
http://www.it-ebooks.info/
Introduction xxv
fl ast.indd 11:57:23:AM 01/17/2014 Page xxv
You don’t need to be a security expert, professional, or even
enthusiast to
get substantial benefi t from this book. I assume that you
understand that there
are people out there whose interests and desires don’t line up
with yours. For
example, maybe they’d like to take money from you, or they
may have other
goals, like puffi ng themselves up at your expense or using your
56. computer to
attack other people.
This book is written in plain language for anyone who can write
or spec a
program, but sometimes a little jargon helps in precision,
conciseness, or clarity,
so there’s a glossary.
What You Will Gain from This Book
When you read this book cover to cover, you will gain a rich
knowledge of threat
modeling techniques. You’ll learn to apply those techniques to
your projects
so you can build software that’s more secure from the get-go,
and deploy it
more securely. You’ll learn to how to make security tradeoffs in
ways that are
considered, measured, and appropriate. You will learn a set of
tools and when
to bring them to bear. You will discover a set of glamorous
distractions. Those
distractions might seem like wonderful, sexy ideas, but they
hide an ugly inte-
rior. You’ll learn why they prevent you from effectively threat
57. modeling, and
how to avoid them.
You’ll also learn to focus on the actionable outputs of threat
modeling, and
I’ll generally call those “bugs.” There are arguments that it’s
helpful to consider
code issues as bugs, and design issues as fl aws. In my book,
those arguments
are a distraction; you should threat model to fi nd issues that
you can address,
and arguing about labels probably doesn’t help you address
them.
Lessons for Diff erent Readers
This book is designed to be useful to a wide variety of people
working in tech-
nology. That includes a continuum from those who develop
software to those
who combine it into systems that meet operational or business
goals to those
who focus on making it more secure.
For convenience, this book pretends there is a bright dividing
line between
development and operations. The distinction is used as a way of
58. understand-
ing who has what capabilities, choices, and responsibilities. For
example, it is
“easy” for a developer to change what is logged, or to
implement a different
authentication system. Both of these may be hard for operations.
Similarly, it’s
“easy” for operations to ensure that logs are maintained, or to
ensure that a
computer is in a locked cage. As this book was written, there’s
also an important
www.it-ebooks.info
http://www.it-ebooks.info/
xxvi Introduction
fl ast.indd 11:57:23:AM 01/17/2014 Page xxvi
model of “devops” emerging. The lessons for developers and
operations can
likely be applied with minor adjustments. This book also
pretends that security
expertise is separate from either development or operations
expertise, again,
simply as a convenience.
59. Naturally, this means that the same parts of the book will bring
different les-
sons for different people. The breakdown below gives a focused
value proposi-
tion for each audience.
Software Developers and Testers
Software developers—those whose day jobs are focused on
creating software—
include software engineers, quality assurance, and a variety of
program or
project managers. If you’re in that group, you will learn to fi nd
and address
design issues early in the software process. This book will
enable you to deliver
more secure software that better meets customer requirements
and expecta-
tions. You’ll learn a simple, effective and fun approach to threat
modeling, as
well as different ways to model your software or fi nd threats.
You’ll learn how
to track threats with bugs that fi t into your development
process. You’ll learn to
use threats to help make your requirements more crisp, and vice
60. versa. You’ll
learn about areas such as authentication, cryptography, and
usability where the
interplay of mitigations and attacks has a long history, so you
can understand
how the recommended approaches have developed to their
current state. You’ll
learn about how to bring threat modeling into your development
process. And
a whole lot more!
Systems Architecture, Operations, and Management
For those whose day jobs involve bringing together software
components,
weaving them together into systems to deliver value, you’ll
learn to fi nd and
address threats as you design your systems, select your
components, and get
them ready for deployment. This book will enable you to deliver
more secure
systems that better meet business, customer, and compliance
requirements.
You’ll learn a simple, effective, and fun approach to threat
modeling, as well as
61. different ways to model the systems you’re building or have
built. You’ll learn
how to fi nd security and privacy threats against those systems.
You’ll learn
about the building blocks which are available for you to
operationally address
those threats. You’ll learn how to make tradeoffs between the
threats you face,
and how to ensure that those threats are addressed. You’ll learn
about specifi c
threats to categories of technology, such as web and cloud
systems, and about
threats to accounts, both of which are deeply important to those
in operations.
It will cover issues of usability, and perhaps even change your
perspective on
www.it-ebooks.info
http://www.it-ebooks.info/
Introduction xxvii
fl ast.indd 11:57:23:AM 01/17/2014 Page xxvii
how to infl uence the security behavior of people within your
organization and/
62. or your customers. You will learn about cryptographic building
blocks, which
you may be using to protect systems. And a whole lot more!
Security Professionals
If you work in security, you will learn two major things from
this book: First,
you’ll learn structured approaches to threat modeling that will
enhance your
productivity, and as you do, you’ll learn why many of the
“obvious” parts
of threat modeling are not as obvious, or as right, as you may
have believed.
Second, you’ll learn about bringing security into the
development, operational
and release processes that your organization uses.
Even if you are an expert, this book can help you threat model
better. Here,
I speak from experience. As I was writing the case study
appendix, I found
myself turning to both the tree in Appendix B and the
requirements chapter,
and fi nding threats that didn’t spring to mind from just
considering the models
63. of software.
T O M Y CO L L E AG U E S I N I N FO R M AT I O N S E C
U R I T Y
I want to be frank. This book is not about how to design
abstractly perfect software.
It is a practical, grounded book that acknowledges that most
software is built in some
business or organizational reality that requires tradeoff s. To the
dismay of purists,
software where tradeoff s were made runs the world these days,
and I’d like to make
such software more secure by making those tradeoff s better.
That involves a great
many elements, two of which are making security more
consistent and more acces-
sible to our colleagues in other specialties.
This perspective is grounded in my time as a systems
administrator, deploying
security technologies, and observing the issues people
encountered. It is grounded
in my time as a startup executive, learning to see security as a
property of a system
which serves a business goal. It is grounded in my
responsibility for threat model-
64. ing as part of Microsoft’s Security Development Lifecycle. In
that last role, I spoke
with thousands of people at Microsoft, its partners, and its
customers about our
approaches. These individuals ranged from newly hired
developers to those with
decades of experience in security, and included chief security
offi cers and Microsoft’s
Trustworthy Computing Academic Advisory Board. I learned
that there are an awful
lot of opinions about what works, and far fewer about what does
not. This book aims
to convince my fellow security professionals that pragmatism in
what we ask of devel-
opment and operations helps us deliver more secure software
over time. This perspec-
tive may be a challenge for some security professionals. They
should focus on Parts II,
IV, and V, and perhaps give consideration to the question of the
best as the enemy of
the good.
www.it-ebooks.info
http://www.it-ebooks.info/
65. xxviii Introduction
fl ast.indd 11:57:23:AM 01/17/2014 Page xxviii
How To Use This Book
You should start at the very beginning. It’s a very good place to
start, even if
you already know how to threat model, because it lays out a
framework that
will help you understand the rest of the book.
The Four-Step Framework
This book introduces the idea that you should see threat
modeling as composed
of steps which accomplish subgoals, rather than as a single
activity. The essential
questions which you ask to accomplish those subgoals are:
1. What are you building?
2. What can go wrong with it once it’s built?
3. What should you do about those things that can go wrong?
4. Did you do a decent job of analysis?
The methods you use in each step of the framework can be
thought of like
66. Lego blocks. When working with Legos, you can snap in other
Lego blocks.
In Chapter 1, you’ll use a data fl ow diagram to model what
you’re building,
STRIDE to help you think about what can go wrong and what
you should do
about it, and a checklist to see if you did a decent job of
analysis. In Chapter 2,
you’ll see how diagrams are the most helpful way to think about
what you’re
building. Different diagram types are like different building
blocks to help
you model what you’re building. In Chapter 3, you’ll go deep
into STRIDE (a
model of threats), while in Chapter 4, you’ll learn to use attack
trees instead of
STRIDE, while leaving everything else the same. STRIDE and
attack trees are
different building blocks for considering what can go wrong
once you’ve built
your new technology.
Not every approach can snap with every other approach. It takes
crazy glue
67. to make an Erector set and Lincoln logs stick together. Attempts
to glue threat
modeling approaches together has made for some confusing
advice. For example,
trying to consider how terrorists would attack your assets
doesn’t really lead
to a lot of actionable issues. And even with building blocks that
snap together,
you can make something elegant, or something confusing or
bizarre.
So to consider this as a framework, what are the building
blocks? The four-
step framework is shown graphically in Figure I-1.
The steps are:
1. Model the system you’re building, deploying, or changing.
2. Find threats using that model and the approaches in Part II.
www.it-ebooks.info
http://www.it-ebooks.info/
Introduction xxix
fl ast.indd 11:57:23:AM 01/17/2014 Page xxix
3. Address threats using the approaches in Part III.
68. 4. Validate your work for completeness and effectiveness (also
Part III).
Model
System
Find
Threats
Address
Threats
Validate
Figure I-1: The Four-Step Framework
This framework was designed to align with software
development and opera-
tional deployment. It has proven itself as a way to structure
threat modeling.
It also makes it easier to experiment without replacing the
entire framework.
From here until you reach Part V, almost everything you
encounter is selected
because it plugs into this four-step framework.
This book is roughly organized according to the framework:
Part I “Getting Started” is about getting started. The opening
part of the book
(especially Chapter 1) is designed for those without much
69. security expertise.
The later parts of the book build on the security knowledge
you’ll gain from this
material (or combined with your own experience). You’ll gain
an understanding
of threat modeling, and a recommended approach for those who
are new to the
discipline. You’ll also learn various ways to model your
software, along with
why that’s a better place to start than other options, such as
attackers or assets.
Part II “Finding Threats” is about fi nding threats. It presents a
collection of
techniques and tools you can use to fi nd threats. It surveys and
analyzes the dif-
ferent ways people approach information technology threat
modeling, enabling
you to examine the pros and cons of the various techniques that
people bring to
bear. They’re grouped in a way that enables you to either read
them from start
to fi nish or jump in at a particular point where you need help.
Part III “Managing and Addressing Threats” is about managing
and address-
ing threats. It includes processing threats and how to manage
70. them, the tactics
and technologies you can use to address them, and how to make
risk tradeoffs
www.it-ebooks.info
http://www.it-ebooks.info/
xxx Introduction
fl ast.indd 11:57:23:AM 01/17/2014 Page xxx
you might need to make. It also covers validating that your
threats are addressed,
and tools you can use to help you threat model.
Part IV “Threat Modeling in Technologies and Tricky Areas” is
about threat
modeling in specifi c technologies and tricky areas where a
great deal of threat
modeling and analysis work has already been done. It includes
chapters on web
and cloud, accounts and identity, and cryptography, as well as a
requirements
“cookbook” that you can use to jump-start your own security
requirements
analysis.
Part V “Taking it to the Next Level” is about taking threat
71. modeling to the
next level. It targets the experienced threat modeler, security
expert, or process
designer who is thinking about how to build and customize
threat modeling
processes for a given organization.
Appendices include information to help you apply what you’ve
learned. They
include sets of common answers to “what’s your threat model,”
and “what are
our assets”; as well as threat trees that can help you fi nd
threats, lists of attackers
and attacker personas; and details about the Elevation of
Privilege game you’ll
use in Chapter 1; and lastly, a set of detailed example threat
models. These are
followed by a glossary, bibliography, and index.
Website: This book’s website, www.threatmodelingbook.com
will contain a
PDF of some of the fi gures in the book, and likely an errata list
to mitigate the
errors that inevitably threaten to creep in.
What This Book Is Not
Many security books today promise to teach you to hack. Their
intent is to teach
72. you what sort of attacks need to be defended against. The idea
is that if you have
an empirically grounded set of attacks, you can start with that to
create your
defense. This is not one of those books, because despite
millions of such books
being sold, vulnerable systems are still being built and
deployed. Besides, there
are solid, carefully considered defenses against many sorts of
attacks. It may
be useful to know how to execute an attack, but it’s more
important to know
where each attack might be executed, and how to effectively
defend against it.
This book will teach you that.
This book is not focused on a particular technology, platform,
or API set.
Platforms and APIs infl uence may offer security features you
can use, or mitigate
some threats for you. The threats and mitigations associated
with a platform
change from release to release, and this book aims to be a useful
reference
volume on your shelf for longer than the release of any
particular technology.
73. This book is not a magic pill that will make you a master of
threat modeling.
It is a resource to help you understand what you need to know.
Practice will
www.it-ebooks.info
http://www.it-ebooks.info/
Introduction xxxi
fl ast.indd 11:57:23:AM 01/17/2014 Page xxxi
help you get better, and deliberative practice with feedback and
hard problems
will make you a master.
New Lessons on Threat Modeling
Most experienced security professionals have developed an
approach to threat
modeling that works for them. If you’ve been threat modeling
for years, this
book will give you an understanding of other approaches you
can apply. This
book also give you a structured understanding of a set of
methods and how
they inter-relate. Lastly, there are some deeper lessons which
74. are worth bringing
to your attention, rather than leaving them for you to extract.
There’s More Than One Way to Threat Model
If you ask a programmer “What’s the right programming
language for my new
project?” you can expect a lot of clarifying questions. There is
no one ideal pro-
gramming language. There are certainly languages that are
better or worse at
certain types of tasks. For example, it’s easier to write text
manipulation code
in Perl than assembler. Python is easier to read and maintain
than assembler,
but when you need to write ultra-fast code for a device driver, C
or assembler
might be a better choice. In the same way, there are better and
worse ways to
threat model, which depend greatly on your situation: who will
be involved,
what skills they have, and so on.
So you can think of threat modeling like programming. Within
programming
there are languages, paradigms (such as waterfall or agile), and
75. practices (pair
programming or frequent deployment). The same is true of
threat modeling.
Most past writing on threat modeling has presented “the” way to
do it. This
book will help you see how “there’s more than one way to do it”
is not just the
Perl motto, but also applies to threat modeling.
The Right Way Is the Way That Finds Good Threats
The right way to threat model is the way that empowers a
project team to fi nd
more good threats against a system than other techniques that
could be employed
with the resources available. (A “good threat” is a threat that
illuminates work
that needs to be done.) That’s as true for a project team of one
as it is for a project
team of thousands. That’s also true across all levels of
resources, such as time,
expertise, and tooling. The right techniques empower a team to
really fi nd and
address threats (and gain assurance that they have done so).
www.it-ebooks.info
76. http://www.it-ebooks.info/
xxxii Introduction
fl ast.indd 11:57:23:AM 01/17/2014 Page xxxii
There are lots of people who will tell you that they know the
one true way.
(That’s true in fi elds far removed from threat modeling.) Avoid
a religious war
and fi nd a way that works for you.
Threat Modeling Is Like Version Control
Threat modeling is sometimes seen as a specialist skill that only
a few people
can do well. That perspective holds us back, because threat
modeling is more
like version control than a specialist skill. This is not intended
to denigrate or
minimize threat modeling; rather, no professional developer
would think of
building software of any complexity without a version control
system of some
form. Threat modeling should aspire to be that fundamental.
You expect every professional software developer to know the
77. basics of a
version control system or two, and similarly, many systems
administrators
will use version control to manage confi guration fi les. Many
organizations get
by with a simple version control approach, and never need an
expert. If you
work at a large organization, you might have someone who
manages the build
tree full time. Threat modeling is similar. With the lessons in
this book, it will
become reasonable to expect professionals in software and
operations to have
basic experience threat modeling.
Threat Modeling Is Also Like Playing a Violin
When you learn to play the violin, you don’t start with the most
beautiful violin
music ever written. You learn to play scales, a few easy pieces,
and then progress
to trickier and trickier music.
Similarly, when you start threat modeling, you need to practice
to learn the
skills, and it may involve challenges or frustration as you learn.
78. You need to
understand threat modeling as a set of skills, which you can
apply in a variety
of ways, and which take time to develop. You’ll get better if
you practice. If
you expect to compete with an expert overnight, you might be
disappointed.
Similarly, if you threat model only every few years, you should
expect to be
rusty, and it will take you time to rebuild the muscles you need.
Technique versus Repertoire
Continuing with the metaphor, the most talented violinist
doesn’t learn to play
a single piece, but they develop a repertoire, a set of knowledge
that’s relevant
to their fi eld.
As you get started threat modeling, you’ll need to develop both
techniques
and a repertoire—a set of threat examples that you can build
from to imagine
how new systems might be attacked. Attack lists or libraries can
act as a partial
www.it-ebooks.info
79. http://www.it-ebooks.info/
Introduction xxxiii
fl ast.indd 11:57:23:AM 01/17/2014 Page xxxiii
substitute for the mental repertoire of known threats an expert
knows about.
Reading about security issues in similar products can also help
you develop a
repertoire of threats. Over time, this can feed into how you
think about new and
different threats. Learning to think about threats is easier with
training wheels.
“Think Like an Attacker” Considered Harmful
A great deal of writing on threat modeling exhorts people to
“think like an
attacker.” For many people, that’s as hard as thinking like a
professional chef.
Even if you’re a great home cook, a restaurant-managing chef
has to wrestle
with problems that a home cook does not. For example, how
many chickens
should you buy to meet the needs of a restaurant with 78 seats,
each of which
80. will turn twice an evening? The advice to think like an attacker
doesn’t help
most people threat model.
Worse, you may end up with implicit or incorrect assumptions
about how an
attacker will think and what they will choose to do. Such
models of an attacker’s
mindset may lead you to focus on the wrong threats. You don’t
need to focus
on the attacker to fi nd threats, but personifi cation may help
you fi nd resources
to address them.
The Interplay of Attacks, Mitigations, & Requirements
Threat modeling is all about making more secure software. As
you use models
of software and threats to fi nd potential problems, you’ll
discover that some
threats are hard or impossible to address, and you’ll adjust
requirements to
match. This interplay is a rarely discussed key to useful threat
modeling.
Sometimes it’s a matter of wanting to defend against
administrators, other
81. times it’s a matter of what your customers will bear. In the
wake of the 9/11
hijackings, the US government reputedly gave serious
consideration to banning
laptops from airplanes. (A battery and a mass of explosives
reportedly look the
same on the x-ray machines.) Business customers, who buy last
minute expen-
sive tickets and keep the airlines aloft, threatened to revolt. So
the government
implemented other measures, whose effectiveness might be
judged with some
of the tools in this book.
This interplay leads to the conclusion that there are threats that
cannot be
effectively mitigated. That’s a painful thought for many security
professionals.
(But as the Man in Black said, “Life is pain, Highness! Anyone
who says differ-
ently is selling something.”) When you fi nd threats that violate
your requirements
and cannot be mitigated, it generally makes sense to adjust your
requirements.
82. Sometimes it’s possible to either mitigate the threat
operationally, or defer a
decision to the person using the system.
With that, it’s time to dive in and threat model!
www.it-ebooks.info
http://www.it-ebooks.info/
www.it-ebooks.info
http://www.it-ebooks.info/
c01.indd 11:33:50:AM 01/17/2014 Page 1
This part of the book is for those who are new to threat
modeling, and it assumes
no prior knowledge of threat modeling or security. It focuses on
the key new
skills that you’ll need to threat model and lays out a
methodology that’s designed
for people who are new to threat modeling.
Part I also introduces the various ways to approach threat
modeling using a
set of toy analogies. Much like there are many children’s toys
for modeling, there
83. are many ways to threat model. There are model kits with
precisely molded
parts to create airplanes or ships. These kits have a high degree
of fi delity and
a low level of fl exibility. There are also numerous building
block systems such
as Lincoln Logs, Erector Sets, and Lego blocks. Each of these
allows for more
fl exibility, at the price of perhaps not having a propeller that’s
quite right for
the plane you want to model.
In threat modeling, there are techniques that center on attackers,
assets, or
software, and these are like Lincoln Logs, Erector Sets, and
Lego blocks, in that
each is powerful and fl exible, each has advantages and
disadvantages, and it
can be tricky to combine them into something beautiful.
P a r t
I
Getting Started
www.it-ebooks.info
http://www.it-ebooks.info/
84. 2 Part I ■ Getting Started
c01.indd 11:33:50:AM 01/17/2014 Page 2
Part I contains the following chapters:
■ Chapter 1: Dive In and Threat Model! contains everything
you need to
get started threat modeling, and does so by focusing on four
questions:
■ What are you building?
■ What can go wrong?
■ What should you do about those things that can go wrong?
■ Did you do a decent job of analysis?
These questions aren’t just what you need to get started, but are
at the
heart of the four-step framework, which is the core of this book.
■ Chapter 2: Strategies for Threat Modeling covers a great
many ways
to approach threat modeling. Many of them are “obvious”
approaches,
such as thinking about attackers or the assets you want to
protect. Each
is explained, along with why it works less well than you hope.
These
85. and others are contrasted with a focus on software. Software is
what
you can most reasonably expect a software professional to
understand,
and so models of software are the most important lesson of
Chapter 2.
Models of software are one of the two models that you should
focus on
when threat modeling.
www.it-ebooks.info
http://www.it-ebooks.info/
3
c01.indd 11:33:50:AM 01/17/2014 Page 3
Anyone can learn to threat model, and what’s more, everyone
should. Threat
modeling is about using models to fi nd security problems.
Using a model means
abstracting away a lot of details to provide a look at a bigger
picture, rather than
the code itself. You model because it enables you to fi nd issues
in things you
86. haven’t built yet, and because it enables you to catch a problem
before it starts.
Lastly, you threat model as a way to anticipate the threats that
could affect you.
Threat modeling is fi rst and foremost a practical discipline, and
this chapter
is structured to refl ect that practicality. Even though this book
will provide you
with many valuable defi nitions, theories, philosophies,
effective approaches,
and well-tested techniques, you’ll want those to be grounded in
experience.
Therefore, this chapter avoids focusing on theory and ignores
variations for
now and instead gives you a chance to learn by experience.
To use an analogy, when you start playing an instrument, you
need to develop
muscles and awareness by playing the instrument. It won’t
sound great at the
start, and it will be frustrating at times, but as you do it, you’ll
fi nd it gets easier.
You’ll start to hit the notes and the timing. Similarly, if you use
the simple four-
step breakdown of how to threat model that’s exercised in Parts
87. I-III of this book,
you’ll start to develop your muscles. You probably know the old
joke about the
person who stops a musician on the streets of New York and
asks “How do I
get to Carnegie Hall?” The answer, of course, is “practice,
practice, practice.”
Some of that includes following along, doing the exercises, and
developing an
C H A P T E R
1
Dive In and Threat Model!
www.it-ebooks.info
http://www.it-ebooks.info/
4 Part I ■ Getting Started
c01.indd 11:33:50:AM 01/17/2014 Page 4
understanding of the steps involved. As you do so, you’ll start
to understand how
the various tasks and techniques that make up threat modeling
come together.
In this chapter you’re going to fi nd security fl aws that might
88. exist in a design,
so you can address them. You’ll learn how to do this by
examining a simple
web application with a database back end. This will give you an
idea of what
can go wrong, how to address it, and how to check your work.
Along the way,
you’ll learn to play Elevation of Privilege, a serious game
designed to help you
start threat modeling. Finally you’ll get some hands-on
experience building
your own threat model, and the chapter closes with a set of
checklists that help
you get started threat modeling.
Learning to Threat Model
You begin threat modeling by focusing on four key questions:
1. What are you building?
2. What can go wrong?
3. What should you do about those things that can go wrong?
4. Did you do a decent job of analysis?
In addressing these questions, you start and end with tasks that
all technolo-
89. gists should be familiar with: drawing on a whiteboard and
managing bugs. In
between, this chapter will introduce a variety of new techniques
you can use to
think about threats. If you get confused, just come back to these
four questions.
Everything in this chapter is designed to help you answer one of
these ques-
tions. You’re going to fi rst walk through these questions using
a three-tier web
app as an example, and after you’ve read that, you should walk
through the
steps again with something of your own to threat model. It
could be software
you’re building or deploying, or software you’re considering
acquiring. If you’re
feeling uncertain about what to model, you can use one of the
sample systems
in this chapter or an exercise found in Appendix E, “Case
Studies.”
The second time you work through this chapter, you’ll need a
copy of the
Elevation of Privilege threat-modeling game. The game uses a
deck of cards
that you can download free from
90. http://www.microsoft.com/security/sdl/
adopt/eop.aspx. You should get two–four friends or colleagues
together for
the game part.
You start with building a diagram, which is the fi rst of four
major activities
involved in threat modeling and is explained in the next section.
The other
three include fi nding threats, addressing them, and then
checking your work.
www.it-ebooks.info
http://www.it-ebooks.info/
Chapter 1 ■ Dive In and Threat Model! 5
c01.indd 11:33:50:AM 01/17/2014 Page 5
What Are You Building?
Diagrams are a good way to communicate what you are
building. There are
lots of ways to diagram software, and you can start with a
whiteboard diagram
of how data fl ows through the system. In this example, you’re
working with
91. a simple web app with a web browser, web server, some
business logic and a
database (see Figure 1-1).
Web browser Web server Business Logic Database
Figure 1-1: A whiteboard diagram
Some people will actually start thinking about what goes wrong
right here.
For example, how do you know that the web browser is being
used by the person
you expect? What happens if someone modifi es data in the
database? Is it OK
for information to move from one box to the next without being
encrypted? You
might want to take a minute to think about some things that
could go wrong
here because these sorts of questions may lead you to ask “is
that allowed?”
You can create an even better model of what you’re building if
you think about
“who controls what” a little. Is this a website for the whole
Internet, or is it an
intranet site? Is the database on site, or at a web provider?
For this example, let’s say that you’re building an Internet site,
92. and you’re
using the fi ctitious Acme storage-system. (I’d put a specifi c
product here, but
then I’d get some little detail wrong and someone, certainly not
you, would
get all wrapped around the axle about it and miss the threat
modeling lesson.
Therefore, let’s just call it Acme, and pretend it just works the
way I’m saying.
Thanks! I knew you’d understand.)
Adding boundaries to show who controls what is a simple way
to improve
the diagram. You can pretty easily see that the threats that cross
those bound-
aries are likely important ones, and may be a good place to start
identifying
threats. These boundaries are called trust boundaries, and you
should draw
www.it-ebooks.info
http://www.it-ebooks.info/
6 Part I ■ Getting Started
c01.indd 11:33:50:AM 01/17/2014 Page 6
93. them wherever different people control different things. Good
examples of this
include the following:
■ Accounts (UIDs on unix systems, or SIDS on Windows)
■ Network interfaces
■ Different physical computers
■ Virtual machines
■ Organizational boundaries
■ Almost anywhere you can argue for different privileges
T R U S T B O U N DA RY V E R S U S AT TAC K S U R FAC
E
A closely related concept that you may have encountered is
attack surface. For example,
the hull of a ship is an attack surface for a torpedo. The side of
a ship presents a larger
attack surface to a submarine than the bow of the same ship.
The ship may have inter-
nal “trust” boundaries, such as waterproof bulkheads or a
Captain’s safe. A system that
exposes lots of interfaces presents a larger attack surface than
one that presents few
94. APIs or other interfaces. Network fi rewalls are useful
boundaries because they reduce the
attack surface relative to an external attacker. However, much
like the Captain’s safe, there
are still trust boundaries inside the fi rewall. A trust boundary
and an attack surface are
very similar views of the same thing. An attack surface is a
trust boundary and a direction
from which an attacker could launch an attack. Many people
will treat the terms are inter-
changeable. In this book, you’ll generally see “trust boundary”
used.
In your diagram, draw the trust boundaries as boxes (see Figure
1-2), show-
ing what’s inside each with a label (such as “corporate data
center”) near the
edge of the box.
Web browser Web server
Corporate data center
Web storage
(offsite)
Business Logic Database
Figure 1-2: Trust boundaries added to a whiteboard diagram
95. www.it-ebooks.info
http://www.it-ebooks.info/
Chapter 1 ■ Dive In and Threat Model! 7
c01.indd 11:33:50:AM 01/17/2014 Page 7
As your diagram gets larger and more complex, it becomes easy
to miss
a part of it, or to become confused by labels on the data fl ows.
Therefore, it
can be very helpful to number each process, data fl ow, and data
store in the
diagram, as shown in Figure 1-3. (Because each trust boundary
should have a
unique name, representing the unique trust inside of it, there’s
limited value
to numbering those.)
Web browser Web server
1 2 3 4 5 6 7
Corporate data center
Web storage
(offsite)
Business Logic Database
Figure 1-3: Numbers and trust boundaries added to a whiteboard
96. diagram
Regarding the physical form of the diagram: Use whatever
works for you.
If that’s a whiteboard diagram and a camera phone picture,
great. If it’s Visio,
or OmniGraffl e, or some other drawing program, great. You
should think of
threat model diagrams as part of the development process, so try
to keep it in
source control with everything else.
Now that you have a diagram, it’s natural to ask, is it the right
diagram? For
now, there’s a simple answer: Let’s assume it is. Later in this
chapter there are
some tips and checklists as well as a section on updating the
diagram, but at
this stage you have a good enough diagram to get started on
identifying threats,
which is really why you bought this book. So let’s identify.
What Can Go Wrong?
Now that you have a diagram, you can really start looking for
what can go wrong
with its security. This is so much fun that I turned it into a
97. game called, Elevation
of Privilege. There’s more on the game in Appendix D,
“Elevation of Privilege:
The Cards,” which discusses each card, and in Chapter 11,
“Threat Modeling
Tools,” which covers the history and philosophy of the game,
but you can get
started playing now with a few simple instructions. If you
haven’t already done
so, download a deck of cards from
http://www.microsoft.com/security/sdl/
adopt/eop.aspx. Print the pages in color, and cut them into
individual cards.
Then shuffl e the deck and deal it out to those friends you’ve
invited to play.
www.it-ebooks.info
http://www.it-ebooks.info/
8 Part I ■ Getting Started
c01.indd 11:33:50:AM 01/17/2014 Page 8
N O T E Some people aren’t used to playing games at work.
Others approach new
games with trepidation, especially when those games involve
long, complicated instruc-
98. tions. Elevation of Privilege takes just a few lines to explain.
You should give it a try.
How To Play Elevation of Privilege
Elevation of Privilege is a serious game designed to help you
threat model. A
sample card is shown in Figure 1-4. You’ll notice that like
playing cards, it has a
number and suit in the upper left, and an example of a threat as
the main text on
the card. To play the game, simply follow the instructions in the
upcoming list.
Tampering
An attacker can take
advantage of your custom key
exchange or integrity control
which you built instead of
using standard crypto.
Figure 1-4: An Elevation of Privilege card
1. Deal the deck. (Shuffl ing is optional.)
2. The person with the 3 of Tampering leads the fi rst round.
(In card games
like this, rounds are also called “tricks” or “hands.”)
www.it-ebooks.info
http://www.it-ebooks.info/
99. Chapter 1 ■ Dive In and Threat Model! 9
c01.indd 11:33:50:AM 01/17/2014 Page 9
3. Each round works like so:
A. Each player plays one card, starting with the person leading
the round,
and then moving clockwise.
B. To play a card, read it aloud, and try to determine if it
affects the
system you have diagrammed. If you can link it, write it down,
and
score yourself a point. Play continues clockwise with the next
player.
C. When each player has played a card, the player who has
played the
highest card wins the round. That player leads the next round.
4. When all the cards have been played, the game ends and the
person with
the most points wins.
5. If you’re threat modeling a system you’re building, then you
go fi le any
bugs you fi nd.
100. There are some folks who threat model like this in their sleep,
or even have
trouble switching it off. Not everyone is like that. That’s OK.
Threat modeling
is not rocket science. It’s stuff that anyone who participates in
software devel-
opment can learn. Not everyone wants to dedicate the time to
learn to do it in
their sleep.
Identifying threats can seem intimidating to a lot of people. If
you’re one of
them, don’t worry. This section is designed to gently walk you
through threat
identifi cation. Remember to have fun as you do this. As one
reviewer said:
“Playing Elevation of Privilege should be fun. Don’t downplay
that. We play it
every Friday. It’s enjoyable, relaxing, and still has business
value.”
Outside of the context of the game, you can take the next step in
threat model-
ing by thinking of things that might go wrong. For instance,
how do you know
that the web browser is being used by the person you expect?
What happens
101. if someone modifi es data in the database? Is it OK for
information to move
from one box to the next without being encrypted? You don’t
need to come up
with these questions by just staring at the diagram and
scratching your chin. (I
didn’t!) You can identify threats like these using the simple
mnemonic STRIDE,
described in detail in the next section.
Using the STRIDE Mnemonic to Find Threats
STRIDE is a mnemonic for things that go wrong in security. It
stands for Spoofi ng,
Tampering, Repudiation, Information Disclosure, Denial of
Service, and Elevation
of Privilege:
■ Spoofi ng is pretending to be something or someone you’re
not.
www.it-ebooks.info
http://www.it-ebooks.info/
10 Part I ■ Getting Started
c01.indd 11:33:50:AM 01/17/2014 Page 10
102. ■ Tampering is modifying something you’re not supposed to
modify. It can
include packets on the wire (or wireless), bits on disk, or the
bits in memory.
■ Repudiation means claiming you didn’t do something
(regardless of
whether you did or not).
■ Denial of Service are attacks designed to prevent a system
from provid-
ing service, including by crashing it, making it unusably slow,
or fi lling
all its storage.
■ Information Disclosure is about exposing information to
people who are
not authorized to see it.
■ Elevation of Privilege is when a program or user is
technically able to
do things that they’re not supposed to do.
N O T E This is where Elevation of Privilege, the game, gets
its name. This book uses
Elevation of Privilege, italicized, or abbreviated to EoP, for the
game—to avoid confusion
with the threat.
Recall the three example threats mentioned in the preceding
section:
103. ■ How do you know that the web browser is being used by the
person you
expect?
■ What happens if someone modifi es data in the database?
■ Is it ok for information to go from one box to the next
without being encrypted?
These are examples of spoofi ng, tampering, and information
disclosure. Using
STRIDE as a mnemonic can help you walk through a diagram
and select example
threats. Pair that with a little knowledge of security and the
right techniques,
and you’ll fi nd the important threats faster and more reliably.
If you have a
process in place for ensuring that you develop a threat model,
document it, and
you can increase confi dence in your software.
Now that you have STRIDE in your tool belt, walk through your
diagram
again and look for more threats, this time using the mnemonic.
Make a list as
you go with the threat and what element of the diagram it
affects. (Generally,
104. the software, data fl ow, or storage is affected, rather than the
trust boundary.)
The following list provides some examples of each threat.
■ Spoofi ng: Someone might pretend to be another customer, so
you’ll need a
way to authenticate users. Someone might also pretend to be
your website, so
you should ensure that you have an SSL certifi cate and that you
use a single
domain for all your pages (to help that subset of customers who
read URLs
to see if they’re in the right place). Someone might also place a
deep link to
one of your pages, such as logout.html or placeorder.aspx. You
should be
checking the Referrer fi eld before taking action. That’s not a
complete solution
to what are called CSRF (Cross Site Request Forgery) attacks,
but it’s a start.
www.it-ebooks.info
http://www.it-ebooks.info/
Chapter 1 ■ Dive In and Threat Model! 11
c01.indd 11:33:50:AM 01/17/2014 Page 11
105. ■ Tampering: Someone might tamper with the data in your back
end at
Acme. Someone might tamper with the data as it fl ows back
and forth
between their data center and yours. A programmer might
replace the
operational code on the web front end without testing it,
thinking they’re
uploading it to staging. An angry programmer might add a
coupon code
“PayBobMore” that offers a 20 percent discount on all goods
sold.
■ Repudiation: Any of the preceding actions might require
digging into
what happened. Are there system logs? Is the right information
being
logged effectively? Are the logs protected against tampering?
■ Information Disclosure: What happens if Acme reads your
database?
Can anyone connect to the database and read or write
information?
■ Denial of Service: What happens if a thousand customers
show up at
once at the website? What if Acme goes down?
■ Elevation of Privilege: Perhaps the web front end is the only
place
106. customers should access, but what enforces that? What prevents
them
from connecting directly to the business logic server, or
uploading new
code? If there’s a fi rewall in place, is it correctly confi gured?
What controls
access to your database at Acme, or what happens if an
employee at Acme
makes a mistake, or even wants to edit your fi les?
The preceding possibilities aren’t intended to be a complete list
of how each
threat might manifest against every model. You can fi nd a more
complete list
in Chapter 3, “STRIDE.” This shorter version will get you
started though, and
it is focused on what you might need to investigate based on the
very simple
diagram shown in Figure 1-2. Remember the musical instrument
analogy. If
you try to start playing the piano with Ravel’s Gaspard
(regarded as one of the
most complex piano pieces ever written), you’re going to be
frustrated.
Tips for Identifying Threats
107. Whether you are identifying threats using Elevation of
Privilege, STRIDE, or both,
here are a few tips to keep in mind that can help you stay on the
right track to
determine what could go wrong:
■ Start with external entities: If you’re not sure where to start,
start with
the external entities or events which drive activity. There are
many other
valid approaches though: You might start with the web browser,
look-
ing for spoofi ng, then tampering, and so on. You could also
start with
the business logic if perhaps your lead developer for that
component is
in the room. Wherever you choose to begin, you want to aspire
to some
level of organization. You could also go in “STRIDE order”
through the
diagram. Without some organization, it’s hard to tell when
you’re done,
but be careful not to add so much structure that you stifl e
creativity.
www.it-ebooks.info
108. http://www.it-ebooks.info/
12 Part I ■ Getting Started
c01.indd 11:33:50:AM 01/17/2014 Page 12
■ Never ignore a threat because it’s not what you’re looking
for right now.
You might come up with some threats while looking at other
categories.
Write them down and come back to them. For example, you
might have
thought about “can anyone connect to our database,” which is
listed under
information disclosure, while you were looking for spoofi ng
threats. If so,
that’s awesome! Good job! Redundancy in what you fi nd can
be tedious,
but it helps you avoid missing things. If you fi nd yourself
asking whether
“someone not authorized to connect to the database who reads
informa-
tion” constitutes spoofi ng or information disclosure, the answer
is, who
cares? Record the issue and move along to the next one.
STRIDE is a tool
109. to guide you to threats, not to ask you to categorize what you’ve
found;
it makes a lousy taxonomy, anyway. (That is to say, there are
plenty of
security issues for which you can make an argument for various
different
categorizations. Compare and contrast it with a good taxonomy,
such
as the taxonomy of life. Does it have a backbone? If so, it’s a
vertebrae.)
■ Focus on feasible threats: Along the way, you might come up
with threats
like “someone might insert a back door at the chip factory,” or
“someone
might hire our janitorial staff to plug in a hardware key logger
and steal
all our passwords.” These are real possibilities but not very
likely com-
pared to using an exploit to attack a vulnerability for which you
haven’t
applied the patch, or tricking someone into installing software.
There’s
also the question of what you can do about either, which brings
us to the
next section.
110. Addressing Each Threat
You should now have a decent-sized list or lists of threats. The
next step in the
threat modeling process is to go through the lists and address
each threat. There
are four types of action you can take against each threat:
Mitigate it, eliminate
it, transfer it, or accept it. The following list looks briefl y at
each of these ways
to address threats, and then in the subsequent sections you will
learn how to
address each specifi c threat identifi ed with the STRIDE list in
the “What Can
Go Wrong” section. For more details about each of the
strategies and techniques
to address these threats, see Chapters 8 and 9, “Defensive
Building Blocks” and
“Tradeoffs When Addressing Threats.”
■ Mitigating threats is about doing things to make it harder to
take advan-
tage of a threat. Requiring passwords to control who can log in
mitigates
the threat of spoofi ng. Adding password controls that enforce
complex-
111. ity or expiration makes it less likely that a password will be
guessed or
usable if stolen.
■ Eliminating threats is almost always achieved by eliminating
features. If
you have a threat that someone will access the administrative
function of
www.it-ebooks.info
http://www.it-ebooks.info/
Chapter 1 ■ Dive In and Threat Model! 13
c01.indd 11:33:50:AM 01/17/2014 Page 13
a website by visiting the /admin/URL, you can mitigate it with
passwords
or other authentication techniques, but the threat is still present.
You can
make it less likely to be found by using a URL like
/j8e8vg21euwq/, but
the threat is still present. You can eliminate it by removing the
interface,
handling administration through the command line. (There are
still threats
associated with how people log in on a command line. Moving
112. away from
HTTP makes the threat easier to mitigate by controlling the
attack surface.
Both threats would be found in a complete threat model.)
Incidentally,
there are other ways to eliminate threats if you’re a mob boss or
you run
a police state, but I don’t advocate their use.
■ Transferring threats is about letting someone or something
else handle the
risk. For example, you could pass authentication threats to the
operating
system, or trust boundary enforcement to a fi rewall product.
You can also
transfer risk to customers, for example, by asking them to click
through
lots of hard-to-understand dialogs before they can do the work
they
need to do. That’s obviously not a great solution, but sometimes
people
have knowledge that they can contribute to making a security
tradeoff.
For example, they might know that they just connected to a
coffee shop
113. wireless network. If you believe the person has essential
knowledge to
contribute, you should work to help her bring it to the decision.
There’s
more on doing that in Chapter 15, “Human Factors and
Usability.”
■ Accepting the risk is the fi nal approach to addressing
threats. For most
organizations most of the time, searching everyone on the way
in and out
of the building is not worth the expense or the cost to the
dignity and
job satisfaction of those workers. (However, diamond mines and
some-
times government agencies take a different approach.)
Similarly, the cost
of preventing someone from inserting a back door in the
motherboard
is expensive, so for each of these examples you might choose to
accept
the risk. And once you’ve accepted the risk, you shouldn’t
worry over it.
Sometimes worry is a sign that the risk hasn’t been fully
accepted, or that
the risk acceptance was inappropriate.
114. The strategies listed in the following tables are intended to
serve as examples
to illustrate ways to address threats. Your “go-to” approach
should be to miti-
gate threats. Mitigation is generally the easiest and the best for
your customers.
(It might look like accepting risk is easier, but over time,
mitigation is easier.)
Mitigating threats can be hard work, and you shouldn’t take
these examples
as complete. There are often other valid ways to address each of
these threats,
and sometimes trade-offs must be made in the way the threats
are addressed.
Addressing Spoofi ng
Table 1-1 and the list that follows show targets of spoofi ng,
mitigation strategies
that address spoofi ng, and techniques to implement those
mitigations.
www.it-ebooks.info
http://www.it-ebooks.info/
14 Part I ■ Getting Started
115. c01.indd 11:33:50:AM 01/17/2014 Page 14
Table 1-1: Addressing Spoofi ng Threats
THREAT
TARGET MITIGATION STRATEGY MITIGATION
TECHNIQUE
Spoofi ng a
person
Identifi cation and authen-
tication (usernames and
something you know/have/
are)
Usernames, real names, or other identifi ers:
❖ Passwords
❖ Tokens
❖ Biometrics
Enrollment/maintenance/expiry
Spoofi ng a “fi le”
on disk
116. Leverage the OS ❖ Full paths
❖ Checking ACLs
❖ Ensuring that pipes are created properly
Cryptographic
authenticators
Digital signatures or authenticators
Spoofi ng a net-
work address
Cryptographic ❖ DNSSEC
❖ HTTPS/SSL
❖ IPsec
Spoofi ng a
program in
memory
Leverage the OS Many modern operating systems have
some form of application identifi er that the
OS will enforce.
■ When you’re concerned about a person being spoofed, ensure
that each
117. person has a unique username and some way of authenticating.
The tradi-
tional way to do this is with passwords, which have all sorts of
problems
as well as all sorts of advantages that are hard to replicate. See
Chapter
14, “Accounts and Identity” for more on passwords.
■ When accessing a fi le on disk, don’t ask for the fi le with
open(file). Use
open(/path/to/file). If the fi le is sensitive, after opening, check
vari-
ous security elements of the fi le descriptor (such as fully
resolved name,
permissions, and owner). You want to check with the fi le
descriptor to
avoid race conditions. This applies doubly when the fi le is an
executable,
although checking after opening can be tricky. Therefore, it may
help to
ensure that the permissions on the executable can’t be changed
by an
attacker. In any case, you almost never want to call exec() with
./file.
■ When you’re concerned about a system or computer being
118. spoofed when
it connects over a network, you’ll want to use DNSSEC, SSL,
IPsec, or a
combination of those to ensure you’re connecting to the right
place.
www.it-ebooks.info
http://www.it-ebooks.info/
Chapter 1 ■ Dive In and Threat Model! 15
c01.indd 11:33:50:AM 01/17/2014 Page 15
Addressing Tampering
Table 1-2 and the list that follows show targets of tampering,
mitigation strate-
gies that address tampering, and techniques to implement those
mitigations.
Table 1-2: Addressing Tampering Threats
THREAT TARGET
MITIGATION
STRATEGY MITIGATION TECHNIQUE
Tampering with a fi le Operating system ACLs
Cryptographic ❖ Digital Signatures
119. ❖ Keyed MAC
Racing to create a fi le
(tampering with the fi le
system)
Using a directory that’s
protected from arbitrary
user tampering
ACLs
Using private directory structures
(Randomizing your fi le names just
makes it annoying to execute the
attack.)
Tampering with a net-
work packet
Cryptographic ❖ HTTPS/SSL
❖ IPsec
Anti-pattern Network isolation (See note on
network isolation anti-pattern.)
120. ■ Tampering with a fi le: Tampering with fi les can be easy if
the attacker
has an account on the same machine, or by tampering with the
network
when the fi les are obtained from a server.
■ Tampering with memory: The threats you want to worry
about are those
that can occur when a process with less privileges than you, or
that you
don’t trust, can alter memory. For example, if you’re getting
data from a
shared memory segment, is it ACLed so only the other process
can see it?
For a web app that has data coming in via AJAX, make sure you
validate
that the data is what you expect after you pull in the right
amount.
■ Tampering with network data: Preventing tampering with
network data
requires dealing with both spoofi ng and tampering. Otherwise,
someone
who wants to tamper can simply pretend to be the other end,
using what’s
called a man-in-the-middle attack. The most common solution
to these
problems is SSL, with IP Security (IPsec) emerging as another
121. possibility.
SSL and IPsec both address confi dentiality and tampering, and
can help
address spoofi ng.
www.it-ebooks.info
http://www.it-ebooks.info/
16 Part I ■ Getting Started
c01.indd 11:33:50:AM 01/17/2014 Page 16
■ Tampering with networks anti-pattern: It’s somewhat
common for peo-
ple to hope that they can isolate their network, and so not worry
about
tampering threats. It’s also very hard to maintain isolation over
time.
Isolation doesn’t work as well as you would hope. For example,
the isolated
United States SIPRNet was thoroughly infested with malware,
and the
operation to clean it up took 14 months (Shachtman, 2010).
N O T E A program can’t check whether it’s authentic after it
loads. It may be
possible for something to rely on “trusted bootloaders” to