
security arch in design

Can you please respond to the posts attached?

Student1:

Threat modeling is a risk management strategy to secure software assets by predicting the nature of an attack and the use to good advantage of software vulnerabilities from the perspective of an attacker, and developing plans.[1] The strategy is used as a measure to prevent the attacks from being accomplished.

Threat modeling helps the development team and the security team to interpret the discovered vulnerabilities that are possible in the event of an attack. It is a schematic representation to identify the security that has been compromised and to determine the attack surface of the software by examining its boundaries, vulnerabilities and lack of design specifications.[2] As the model is based on the security needs of the software, it must be performed after the security requirements are complete.

Observations:

  1. Software attacks are a chain of uncomplicated activities performed at any point.
  2. Attacks involve the interaction and operations of objects related to many pieces of software.
  3. Software security requirements suffer due to over-specification and a lack of reusable threat models.[3]

Based on the observations, a hybrid technique for threat modeling is helpful, as it is the combination of two or more threat modeling techniques that could upgrade and protect the security systems. Many methods have been proposed, like attack trees [4], misuse cases, variations of the UML Use Case model [5], etc. These models ensure the design, implementation and testing on the risk affecting the business by providing security, guarantee, maintenance and confirmation of satisfaction while no security systems are violated.

Student2:

Why do organizations create threat models?

Organizations create a threat model to enable them to describe a software system, and then enumerate and evaluate possible happenings to evaluate their impacts. If needed, the system design can be redesigned to prevent them or to reduce their impacts.

Summary of the weekly article

Imperva Breach Hits Cloud Customers found from https://www.infosecurity-magazine.com/news/imperva-breach-hits-cloud-customers/

The news is about security vendor Imperva, which revealed an incident that exposed sensitive data on some of its clients, including API keys and SSL certificates. It was on August 20, 2019, when this organization was informed by a third party of a data exposure that affected a subset of customers of their Cloud WAF product who had accounts through September 15, 2017. Elements of their Incapsula client database through September 15, 2017 were exposed. These included: email addresses; hashed and salted passwords. And for a subset of the Incapsula customers through September 15, 2017: API keys; customer-provided SSL certificates. Imperva notified the relevant regulatory authorities and customers and worked with a forensic expert to find out what happened. It has also implemented forced password rotations and 90-day expirations in the Cloud WAF product.

 