Question

Threat modelling report in response to a case scenario by identifying the
threat types and key factors involved.write a report to identify the threat types
and key factors involved. In doing so, required to identify the most ‘at-risk’ components, create
awareness among the staff of such high-risk components and how to manage them. In addition, this report is to
help key stakeholders, including the executive managers, to make decisions on what course of actions must be
undertaken to mitigate potential threats.

Draw a use DFDs (Data Flow Diagrams):
• Include processes, data stores, data flows
• Include trust boundaries (Add trust boundaries that intersect data flows)
• Iterate over processes, data stores, and see where they need to be broken down
• Enumerate assumptions, dependencies
• Number everything (if manual)

-

Determine the threat types that might impact your system
• STRIDE/Element: Identifying threats to the system.
• Understanding the threats (threat, property, definition)

Case Scenario The Business & Communication Insurance (B&C Insurance) began business as a private health insurer, established by Gary RT.L & family in 1965 through the Health Insurance Commission. This company was set up to compete with private "for-profit" funds. The company's headquarters is located in New York and has offices in various other countries including Spain, Australia and Hong Kong. The CEO of the B&C Insurance recently received a ransom email from an unknown company claiming that they have access to the company strategic plans and personal details of 200,000 clients. A sample of personal details of 200 clients was included in the email as a 'proof'. Ransom emails are normally sent through unreliable external networks that are outside the company's security boundary. The CEO consulted the senior management and they acted promptly to investigate and contain the threat with the aid of forensic computer specialists. The first step was to validate the threat. The management team found a discussion on a hacker site in the dark net that had personal information of 200,000 clients of B&C Insurance for sale. This also included the details of the 200 clients, provided in the ransom email as 'proof. The investigation also confirmed that the details of the 200 customers are genuine. The senior management considered the need to identify threats and give practical guidance on how to manage the risks of identity fraud to be of utmost importance. Therefore, a team of consultants was appointed to prepare a series of reports to identify various threats and to develop cybersecurity crisis management plans in order to respond to potential threats/risks of sophisticated hackers penetrating into the internal systems of the company and accessing client information. As the cybersecurity specialist in the team, you have been asked to write a report to identify the threat types and key factors involved. In doing so, you are required to identify the most at-risk' components, create awareness among the staff of such high-risk components and how to manage them. In addition, this report is to help key stakeholders, including the executive managers, to make decisions on what course of actions must be undertaken to mitigate potential threats.

Answer 1

Solution:

Given information:
A Company name B&C Insurance established in 1965 headquatered in NY, having global locations in other countries.
A ransom email had been recieved on the company's email claiming to expose the strategic plans and data of 200,000 clients.
Sample of 200 clients data is included in the email.

Output required.
A report that covers the "Threat Analysis" and "Actions to manage the risks".
Data flow diagrams covering processes, data stores and data flows[Attached Image]
Trust boundaries that intersect data flows.
Drill deep into processes and practices
Enumerate assumptions, dependencies.

Answer is prepared in following way.[Chronological investigation] [Keypoints and findings are included in between to understand the flow of information.]
1. Investigate and collect data about the threat.
2. Company's current security practices.
3. Analyse the data collected from above 2 points.
4. Sharing the results after analysis and suggesting course of action.

1. Investigate and collect data about the threat.
Mail threat recieved [Verify the threat: Validated]
Claimed to have 2 sets of information.[1. Strategic plans] and [2. Personal data of 200,000 clients]
[Personal data of 200,000 clients is also available for sale on some hacker site.]
[Attached data of 200 customers are genuine]

Key Point#1
[Considering a case where to support the claim, discssion is initiated on the hacker site.]

key Point#2
[Personal details of employees may be available on some professional inter-company portals and with some extra work, possible to find the data.]

Ransom email recieved.[Identify the source]
Source of email is generally some unreliable network from where it is difficult to trace out the data.

Key Point#3
[Identifying the origin of email will help in investigation[Priority#2]. However, providing more protection from now on-wards is more important[Priority#1]]

[Findings]
[Identify the system from which data has been stolen]
[Is data still accessible]
[What are others threats to the company]
[Need to verify whether strategic data is really leaked or not]

2. Company's current security practices.

Key Point#4
[Personal details and strategic plans are very critical information to any company, compromisation of details means attacker may have other access.]
ASSUMPTIONS{As these details are not given, general assumptions are as below]
1. Critical information is stored at headquarter office only.
2. Personal details are stored respectively at each office and at central office.
3. Company's internally developed system maintains all daily communications, mails and file exchanges.
4. Email systems can be handled via app via mobile.
5. Company's emails and documents are not allowed to sent on outside network/email.
6. No mails are allowed from outside network expect some senior employees.
7. All employees stick to above rules as security policies.

3. Analyse the data collected from above 2 points.
[Need to ensure total protection using multi-layer security practices.]

Based on below checklist, data is analyzed.
1.Physical Security:
a) Only authorized perons are allowed inside the campus.
b) Access levels are different for employees according to nature of their jobs.
c) Server room access are restricted.

2. Network Security
a). All routers, gateways and switches have updated drivers and softwares.
b). Passwords are changed regularly.
c). Firewalls is active and working.
d). All devices should be checked reguarly for any abnormal behavior.

3. Personal system security
a). Anti-virus is updated.
b). Operating system is updated.
c). All softwares are updated.

4. Regular security audits.
a). Analyze the network data for any suspicious activity.
b). Ensure above practices are followed reguarly.

New practices that should be added
1.(b), 2(b), 3(c) and 4.

4. Sharing the results after analysis and suggesting course of action.
Below are action items to be followed by all employees till further communication.
1. From the checklist strictly follow 1.(b), 2(b), 3(c) and 4.
2. DO NOT Use mobile for any company communication. If using, do not use any other app or any communication with that device.
3. Do not share any company data on any network or on personal networks.
4. Do not open mails other than company's internal network.

Data flow Digram #1 Trust boundaries Server Systema 4 Systemol systemst Systema { System 6 system3 Attemp's Attenopts AHacker #1 Attacker #2 via emails, attachments. If any user opens email, then trust is broken.