Business & Communication Insurance| Case Study


You are required write a Threat modelling report in response to a case scenario by identifying the threat types and key factors involved.

Task Instructions

  1. Carefully read the attached the case scenario to understand the concepts being discussed in the case.
  2. Review your subject notes to establish the relevant area of investigation that applies to the case. Reread any relevant readings that have been recommended in the case area in modules. Plan how youwill structure your ideas for the threat model report.
  1. Draw a use DFDs (Data Flow Diagrams):
  • Include processes, data stores, data flows
  • Include trust boundaries (Add trust boundaries that intersect data flows)
  • Iterate over processes, data stores, and see where they need to be broken down
  • Enumerate assumptions, dependencies
  • Number everything (if manual)

Case Scenario

The Business &Communication Insurance (B&C Insurance) began business as a private health insurer, established by Gary RT.L & family in 1965 through the Health Insurance Commission. This company was set up to compete with private “for-profit” funds. The company’s headquarters is located in New York and has offices in various other countries including Spain, Australia and Hong Kong. The CEO of the B&C Insurance recently received a ransom email from an unknown company claiming that they have access to the company strategic plans and personal details of 200,000 clients. A sample of personal details of 200 clients was included in the email as a ‘proof’.

tag Read less

Leave a Reply

Your email address will not be published.