The data flow diagram created in TMT-2016 should show all necessary elements/components, including Trust Boundaries, with appropriate data flow connections - be sure to modify the Attributes within the Element Properties to include security settings that will reduce the risks/threats. Within the completed threat model, you must show mitigations (with justifications) for at least 20% of the identified threats.Your model should cover the entire STRIDE model (which is the default analysis method in TMT-2016) - you need to explain and address all six types/categories of threats.
If you are using a Mac computer, you will need to create a VM running Windows 8.1 or 10 to install TMT-2016.
The Microsoft Threat Modeling Tool (TMT-2015) should be downloaded and installed on your own computer. You can create some of your own additional assumptions, as long as they are fully explained Further Assignment instructions:. Faculty and Administrative staff have access to the applications from both internal workstations and remote systems using a VPN connection students will not be using a VPN for their remote access, but must use an encrypted channel (SSL/TLS) - you can decide how this is implemented. (For example, a faculty member needs to see all student grades but a student should only see their own grade.) Different roles require different permissions. The 5SO system is used by Faculty, Administration, and students to access the following University systems: System Admin Faculty Y Students Y Email Y BlackBoard Y Y Y Finance N Y Y* Curriculum Development Y Y N *(To pay tuition) Given Assumptions: You are to do this in the Microsoft Threat Modeling tool. Your CIO has asked you to draft a threat model for the university Single Sign-On (SSO) system. 
You are a security analysts at a large university. Transcribed image text: In this assignment, you will use the Microsoft Threat Modeling Tool (TMT-2016).
0 kommentar(er)
