Answer the below questions in-depth with supporting references and a minimum of 250words each.
1. List and describe the required tools needed for an effective assessment. What are some common mistakes and errors that occur when preparing for a security assessment?
2. Describe in depth the role in which organizational risk tolerance plays in relation to systems under assessment.
3. Identify and describe what threat agents should be avoided in preparation for an assessment. How do we effectively screen out irrelevant threats and attacks in this preparation?
4. Identify when to use architecture representation diagrams and communication flows. Define and illustrate when decomposing of architecture would be used. Provide an example of architecture risk assessment and threat modeling.
Schoenfield, Brook S.E. – Securing Systems: Applied Security Architecture and Threat Models, CRC Press, 2014 ISBN: 978-1-4822-3397-1
The Top questions should be covered from the concept of the below 6 chapters of Security Architecture and Design:
Chapter 1- Architecture Risk Assessment (ARA) threat modeling has been defined as it applies to security architecture. Also addressed is a body of knowledge and a practice for applying security to systems of all types and sizes.
Chapter 2- defines what a system assessment for security is. It shows multiple examples and addresses the 3 Ss, namely Strategy, Structures, and Specification.
Chapter 3- explores the art of security architecture as a practice. Narrowly defined security architecture to the confines of the task at hand: ARA and threat modeling.
Chapter 4- addresses risk as it relates to the attack, breach, or compromise of digital systems. Providing concepts and constructs with direct applicability to system assessment and threat models. Also credible attack vectors (CAV), a construct for quickly understanding whether an attack surface is relevant or not.
Chapter 5- is devoted to the lightweight ARA/threat modeling methodology ATASM. The acronym stands for architecture, threats, attack surfaces, and mitigations. Chapter 5 demonstrates how to apply ATASM to a fictional e-commerce website.
Chapter 6- finishes examining the security architecture and the ATASM process for the fictional e-commerce website.