LD7007 Threat Modelling Ethical Considerations

Section 2: SSL PKI Threat Modelling & Ethical Considerations The non-technical Requirements are listed as follows: 1. SSL PKI threat model: Identify the threats, attacks arising from the proposed description of the SSL PKI security issues raised in your design/proposal. Create and discuss a taxonomy of those threats relevant to your design and propose suitable mitigation plans with clear references to the literature. You are required to threat model only against identity spoofing and certificate authority threats using a standardised methodology to identify and rank the threats identified. 2. Threat Ranking: Define, adopt, and validate the appropriate method to rank threats in SSL PKI architecture. 3. Threat mitigation Plan: A detailed threat mitigation plan is also required as part of your deliverables. Clear evidence of a systematic approach taken to validate threats identified must be clearly articulated as part of your analysis. 4. PKI Risks: Critically discuss at least two (2) significant risks/attacks/threats to PKI and link these to privacy (confidentiality/Integrity). What kind of ethical and legal concerns are raised in the context of PKI and identified risks/attacks/threats? 5. Conclusion: Design recommendations, summary of key points/findings from your investigation [~150 words]
tag Read less

Leave a Reply

Your email address will not be published.