research several threat models as it applies to the health care industry|My homework helper

Posted: January 26th, 2023

IT Research Paper

Threat Modeling

A new medium-sized health care facility just opened and you are hired as the CIO. The CEO is somewhat technical and has tasked you with creating a threat model. The CEO needs to decide from 3 selected models but needs your recommendation. Review this week’s readings, conduct your own research, then choose a model to recommend with proper justifications. Items to include (at a minimum) are:

• User authentication and credentials with third-party applications
• 3 common security risks with ratings: low, medium or high
• Justification of your threat model (why it was chosen over the other two: compare and contrast)

You will research several threat models as it applies to the health care industry, summarize three models and choose one as a recommendation to the CEO in a summary with a model using UML Diagrams (Do not copy and paste images from the Internet). In your research paper, be sure to discuss the security risks and assign a label of low, medium or high risks and the CEO will make the determination to accept the risks or mitigate them. Your paper should meet the following requirements:

• Be approximately five to six pages in length, not including the required cover page and reference page. (Remember, APA is double spaced)
• Follow APA 7 guidelines. Your paper should include an introduction, a body with fully developed content, and a conclusion.
• Support your answers with the readings from the course and at least two scholarly journal articles to support your positions, claims, and observations, in addition to your textbook. The UC Library is a great place to find resources.
• Be clearly and well-written, concise, and logical, using excellent grammar and style techniques. You are being graded in part on the quality of your writing.

Reading Materials-

BURKE, MCDONALD, J., & AUSTIN, T. (2000). Architectural support for fast symmetric-key cryptography. Operating Systems Review,  34(5), 178–189.

Diffie, & Hellman, M. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644–654.

Ullah, de Roode, G., Meratnia, N., & Havinga, P. (2021). Threat Modeling — How to Visualize Attacks on IOTA? Sensors (Basel, Switzerland),  21(5), 1834–.

Li, Yu, Y., Lou, C., Guizani, N., & Wang, L. (2020). Decentralized Public Key Infrastructures atop Blockchain. IEEE Network, 34(6), 133–139.

Chia, Heng, S.-H., Chin, J.-J., Tan, S.-Y., & Yau, W.-C. (2021). An Implementation Suite for a Hybrid Public Key Infrastructure. Symmetry (Basel), 13(8), 1535–.

SOLUTION

There are many different threat models that can apply to the healthcare industry. Here are a few examples:

1. Data breaches: Health care organizations often store sensitive personal and medical information, making them a target for cybercriminals looking to steal this information for financial gain.
2. Insider threats: Employees or contractors within a healthcare organization may intentionally or unintentionally compromise patient data.
3. Ransomware attacks: Cybercriminals may use malware to lock a healthcare organization’s systems or data and demand payment in exchange for the key to unlock it.
4. Supply chain attacks: Third-party vendors or suppliers used by healthcare organizations may be targeted, potentially giving attackers access to the organization’s systems and data.