A new medium-sized health care facility just opened and you are hired as the CIO. The CEO is somewhat technical and has tasked you with creating a threat model. The CEO needs to decide from 3 selected models but needs your recommendation. Review this week’s readings, conduct your own research, then choose a model to recommend with proper justifications. Items to include (at a minimum) are:
- User authentication and credentials with third-party applications
- 3 common security risks with ratings: low, medium or high
- Justification of your threat model (why it was chosen over the other two: compare and contrast)
You will research several threat models as it applies to the health care industry, summarize three models and choose one as a recommendation to the CEO in a summary with a model using UML Diagrams (Do not copy and paste images from the Internet). In your research paper, be sure to discuss the security risks and assign a label of low, medium or high risks and the CEO will make the determination to accept the risks or mitigate them.
Your paper should meet the following requirements:
- Be approximately four to six pages in length, not including the required cover page and reference page. (Remember, APA is double spaced)
- Follow APA 7 guidelines. Your paper should include an introduction, a body with fully developed content, and a conclusion.
- Support your answers with the readings from the course and at least two scholarly journal articles to support your positions, claims, and observations, in addition to your textbook. The school Library is a great place to find resources.
- Be clearly and well-written, concise, and logical, using excellent grammar and style techniques. You are being graded in part on the quality of your writing.
Please read the following this week:
Chapters 6, 7, and 8 in the course textbook
- Cagnazzo, M., Hertlein, M., Holz, T., & Pohlmann, N. (2018). Threat Modeling for Mobile Health Systesm. ResearchGate. http://10.1109/WCNCW.2018.8369033
- Franchi, Enrico & Poggi, Agostino & Tomaiuolo, Michele. (2017). Information and Password Attacks on Social Networks: An Argument for Cryptography. Journal of Information Technology Research, 8. 25-42. http://10.4018/JITR.2015010103
- Ruiz, N., Bargal, S.A., & Sclaroff, S. (2020). Disrupting DeepFakes: Adversarial Attacks Against Conditional Image Translation Networks and Facial Manipulation Systems.
- Tabari, A. Z., & Ou, X. (2020). A First Step Towards Understanding Real-world Attacks on IoT Devices.