In approximately 300 words, answer the question below. Follow APA guidelines.

What differences and similarities would be present in account life cycle management for a company with 50 employees versus a company with 5,000 employees?
isol_536___week_5___threat_modeling_in_technologies_part_1___chapter_12.pdf

isol_536___week_5___threat_modeling_in_technologies_part_1___chapter_13.pdf

isol_536___week_5___threat_modeling_in_technologies_part_1___chapter_14.pdf

ISOL 536
Security Architecture and Design
Threat Modeling in Technologies
• Interplay of requirements, threats, and mitigations
– Some threats violate requirements
– Some threats create new requirements
– What is reasonable, practical, and right?
[Diagram: Requirements, Threats, Mitigations]
Threat Modeling in Technologies
– Requirements
• Business requirements
• Industry requirements
• Regulatory and compliance requirements
• Use cases
• Develop vs. acquire
– Risk assurance
• Control sets are complex
Threat Modeling in Technologies
– Security Framework for Evaluating Requirements
• Prevent
– Operational requirements
» Isolation
» Least user access
» Account management
– Vulnerability requirements
» Discovery
» Patching/fixing
» Reporting
» Tracking components
» Configuration management
Threat Modeling in Technologies
– Security Framework for Evaluating Requirements
• Detection
– Incidents
» Logs
» Host and Network intrusion detection
» Changes and anomalies
» Signatures
– Operational requirements
– Production requirements
Threat Modeling in Technologies
– People/Process/Technology Framework for Evaluating Requirements
• People: trustworthiness and skills
• Process: user or operations guides
• Technology: diagrams and models
Threat Modeling in Technologies
– Privacy topics
• Continues to be sensitive
• Technical capabilities make privacy more daunting
• What are social expectations for privacy?
• Fair Information Practices
• Designing for privacy
• Laws and standards
– Microsoft standards
– AINCAA
• How to effectively authenticate and not violate privacy?
Threat Modeling in Technologies
• Web and cloud threats
– Hosting environments (IaaS, PaaS, SaaS)
• Lacking management and maintenance
• Target rich environment
– End points
• Browser security
• Plug-ins and add-ons
• Lacking or non-standard configuration
– People
• Insiders
• Co-tenants
• Highly targeted tenants
• Tenant behavior
• Fraud
Threat Modeling in Technologies
• Web and cloud protection
– Hosting environments
• Libraries, patterns, frameworks do their part
• Standards help too
• Effective forensics
• Defense in depth
• Redundancy
– End points
• Effective authentication and authorization
• Two factor and multi factor
• Virtual desktop infrastructure
– People
• Compliance entities
• Separate duties
• Audits and inspections
• Diligence
– Threat modeling is still necessary
Threat Modeling in Technologies
• Cloud computing
– Simplifies computing needs
– Economical, effective, and efficient
– Allows business to focus on core competency
– Current generation of education/certification
– Examples of vendor neutral security certifications:
• Cloud Security Alliance – CCSK
• ISC2 – CCSP
• EXIN – CISCS
• CompTIA – CompTIA Cloud+
• Cloud Credential Council – PCSM
Threat Modeling in Technologies
• Account vs. identity
• Internal vs. customer
• Categories of accounts
– User accounts: used by people
– Service accounts: used by automation
• Types of user accounts
– 1 to 1 accounts
– 1 to many accounts (federated)
– Shared accounts
Threat Modeling in Technologies
• Lifecycle
– Creation
• Event driven
• Opt in
– Maintenance
• Per policy
• Per cycle
• Upon changes
– Disable/Delete
• Inactivity
• Termination
• Cancellation
Threat Modeling in Technologies
• Life cycle checklist
– Checklist should be driven by policy and/or legal and regulatory requirements
– Checklist should be reviewed and adjusted periodically
– Checklist should be practiced based on predetermined events
• Inactivity
• Termination
• Cancellation
Threat Modeling in Technologies
• Authentication vs. Authorization
• Methods of authentication
– Single factor
– Two factor
– Multi-channel
– Social
– Knowledge based
• Authentication failures
– Precautions for account unlocks and failures
Threat Modeling in Technologies
• What you have, know, and are
– Benefits and issues
• Threats:
– Theft of what you have and know
– Loss or destruction of what you have
– Tampering with what you know and are
– Biometric images (fingerprint)
– Attacks and compromise
– Expiration and human factors
Threat Modeling in Technologies
• Recovery authentication credentials
– What you know?
– What you have?
– What you are?
– Timing and method of regaining access
– Policy for account recovery
Threat Modeling in Technologies
• Zooko’s Triangle
– Human-meaningful
– Secure
– Decentralized
Threat Modeling in Technologies
• Use of identity or identifiers for authentication
– Archaic
– No longer safe or confidential
– Prone to compromise
– Identity theft is rampant
– Policy for use of identifiers
