Threat Modeling

Question 1

UcedaVelez, Tony & Marco M. Morana
Risk Centric Threat Modeling, 1st Edition (2015). Wiley Press. 
ISBN-13: 978-0-118-98837-4 (digital version)

Read: Chapter 1

Select either Option A or Option B, below, as your primary topic.

Option A – Write a short summary of threat modeling for your CISO and provide any recommended actions your company should take to implement threat modeling. Assume your company is a Fortune 1000 company located in San Diego and you handle sensitive data including PII, as well as valuable intellectual property.

Option B – Your CISO is presenting an updated Information Security Plan to the Board of Directors. You are tasked with writing a brief description of three key terms – Threats, Vulnerabilities, and Risks – so that the non-technical directors will be able to understand the differences between them, how they relate to each other, and how each one applies to the security plan. The directors may be non-technical; however, they are business people, so your comments should be in a business context they will understand.

Question 2

You are the CISO of a large company. Using your own machine as an example, tell me how you would harden your own machine and how you would harden machines across the company, using ideas garnered from this class.

Your essay should include:

  • APA formatting: cover page, references page, 12-point Times New Roman, and double spacing
  • Include a cover page formatted to APA specifications
  • Include a references page and at least two references beyond the course textbook
  • Length: one to two pages (double-spaced)
