Part A. Simple Characterization of Data of Interest from NIST
Part B. Example 1 – List of Workers who have received Workers Compensation
Part C. Example 2 – An Attack on Retail: The Target Stores
Part A. Identify and Characterize the System and Data of Interest
The first step is to identify and characterize the system and data of interest. The system and data should be defined narrowly, pertaining to a particular logical set of data on a particular host or small group of closely related hosts and devices. Once the system and data are defined, they need to be characterized, which refers to understanding the system’s operation and usage to the extent needed for the organization’s data-centric system threat modeling approach. At an absolute minimum, characterization should include the following:
⦁ The authorized locations for the data within the system. This will include some or all of the following:
    ⦁ Storage: all places where data may be at rest within the system boundaries;
    ⦁ Transmission: all ways in which data may transit over networks between system components and across the system’s boundaries;
    ⦁ Execution environment: e.g., data held in local memory during runtime, data processed by virtual CPUs, etc.;
    ⦁ Input: e.g., data typed in using the keyboard; and
    ⦁ Output: e.g., data printed to a physically attached printer, data displayed on the laptop screen, etc.
⦁ A basic understanding of how the data moves within the system between authorized locations. For example, a file might be held in memory while it is being created and is only written out to storage when the user directs the system to do so. Depending on the complexity of the system, gaining this understanding may require first understanding the system’s functions and processes, users and usage scenarios, workflows, trust assumptions, and other aspects of people, processes, and technology related to the system.
⦁ The security objectives (e.g., confidentiality, integrity, availability) for the data. In many cases, some objectives are more important than others; in other cases, an organization may want to focus on a single objective for a particular threat model.
⦁ The people and processes that are authorized to access the data in a way that could affect the security objectives. For example, if an organization has selected confidentiality as its sole objective for a particular threat model, the authorized people and processes should include all users, administrators, applications, services, etc. who are allowed to read the data.
Part B. Simple Example from NIST: List of Workers who have received Workers Compensation
Example Scenario Summary: The data of interest is a spreadsheet containing personally identifiable information (PII) for employees who have received workers’ compensation.
The system of interest comprises:
⦁ a human resource specialist’s laptop (spreadsheet is stored on and used from the laptop);
⦁ a USB flash drive (spreadsheet is backed up onto the USB flash drive); and
⦁ a printer (spreadsheet can be printed from the laptop to the printer).
The authorized locations for the data of interest are as follows:
⦁ Storage: Spreadsheet kept on a laptop hard drive, backup of spreadsheet kept on a USB drive;
⦁ Transmission: Sent to a printer over a wireless network;
⦁ Execution environment: Local laptop memory and processors;
⦁ Input: Typed in using the laptop keyboard; and
⦁ Output: Displayed to the screen.
Description: Data is input through the keyboard into the spreadsheet, which is temporarily held in the execution environment. As the user updates the spreadsheet, the data is displayed to the screen. When the user has completed editing the spreadsheet, the user directs the system to save the spreadsheet to the laptop hard drive. The user may also load the spreadsheet into the execution environment and print the spreadsheet to a nearby printer through a wireless network connection. Finally, the user occasionally copies the latest version of the spreadsheet from the laptop hard drive to a USB flash drive as a backup.
Although confidentiality, integrity, and availability all matter for the data of interest, confidentiality is considered so much more important that the organization has decided to perform its threat modeling in terms of confidentiality only. In this highly simplified example, the human resource specialist is the only person who is authorized to access the data.
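One way to record the Part B characterization and check it against the Part A minimum, as an added example that is not part of the NIST text or the original page. The `Characterization` class, the `gaps` function and the short location names are assumptions of this example.

```python
from dataclasses import dataclass

CATEGORIES = {"storage", "transmission", "execution", "input", "output"}

@dataclass
class Characterization:
    locations: dict   # authorized location name -> category
    flows: list       # (source, destination) data movements
    objectives: set   # security objectives chosen for this model
    authorized: set   # people/processes allowed to affect the objectives

def gaps(c):
    """List what is missing or inconsistent in a characterization."""
    problems = [f"unknown category for {n}: {cat}"
                for n, cat in c.locations.items() if cat not in CATEGORIES]
    touched = set()
    for src, dst in c.flows:
        for end in (src, dst):
            touched.add(end)
            if end not in c.locations:
                problems.append(f"flow {src} -> {dst} uses unlisted location: {end}")
    problems += [f"no data flow recorded for {n}"
                 for n in c.locations if n not in touched]
    if not c.objectives:
        problems.append("no security objective selected")
    if not c.authorized:
        problems.append("no authorized people or processes listed")
    return problems

# Part B as described on the page; the short location names are this example's own.
PART_B = Characterization(
    locations={"laptop hard drive": "storage", "USB flash drive": "storage",
               "wireless link to printer": "transmission",
               "laptop memory": "execution", "keyboard": "input", "screen": "output"},
    flows=[("keyboard", "laptop memory"), ("laptop memory", "screen"),
           ("laptop memory", "laptop hard drive"), ("laptop hard drive", "laptop memory"),
           ("laptop memory", "wireless link to printer"),
           ("laptop hard drive", "USB flash drive")],
    objectives={"confidentiality"},
    authorized={"human resource specialist"},
)

if __name__ == "__main__":
    for line in gaps(PART_B) or ["characterization is complete"]:
        print(line)
```

Any flow whose endpoint is not on the authorized-locations list is reported, which is how a data movement that was never characterized shows up before the threat-identification step.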
Part C. Example 2 – An Attack on Retail: The Target Stores
https://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/
http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
http://krebsonsecurity.com/wp-content/uploads/2014/01/POSWDS-ThreatExpert-Report.pdf
http://krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/