13 Nov CYB 250 Module Three Stepping Stone One Guidelines and Rubric
To complete this assignment, review the prompt and grading rubric in the Module Three Stepping Stone One Guidelines and Rubric. When you have finished your work, submit the assignment here for grading and instructor feedback.
CYB 250 Module Three Stepping Stone One Guidelines and Rubric
Overview
Threat modeling is an important process to help identify deficiencies in systems that are meant to keep assets secure. Using a threat model while summarizing the attack provides an industry-vetted model that allows for easy identification of incidents versus threats. Every cyber incident can be depicted in threat modeling scenarios, which provides an industry standard to communicate the characteristics of any threat. Threat modeling is an important practice for cybersecurity analysts because they must compare different forms of threats to identify common characteristics and build the most secure defense against threats. This activity will draw on important fundamentals we have explored previously, like the confidentiality, integrity, and availability (CIA) triad and adversarial mindset.
This activity relates directly to the final project, where you will be required to complete a threat model for your project scenario. Take advantage of feedback on this assignment to prepare you for your final project submission in Module Seven.
Prompt
Analyze the three breach case studies found in the three articles that are linked in the Reading and Resources section of Module Three of your course. Use this information to fill out the template and address the critical elements listed below.
I. Threat Modeling
A. To complete this assignment, first download the Module Three Stepping Stone One Template provided in the What to Submit section. Identify the elements of the threat model by filling in the template for the case studies below.
i. Complete column for Target Breach thoroughly and accurately.
ii. Complete column for Sony Breach thoroughly and accurately.
iii. Complete column for OPM Breach thoroughly and accurately.
II. Incident Analysis
Select one of the incidents from the table and analyze the following information:
A. Which of the CIA triad is most applicable to the “Action” category of the selected incident? Explain your answer.
B. How can you use an adversarial mindset in analyzing the “Attackers” and “Objective” to inform the response to the attack?
C. Imagine you worked for the organization in the chosen incident and had used a threat model proactively. What changes could you have made to the organization to avoid the incident?
III. Threat Modeling Extension
A. Defend the need for performing threat modeling. How would you convince your supervisor that threat modeling is worth the time and resources needed to complete it?
i. Why is threat modeling an important tool for a security practitioner?
ii. What organizational advantages beyond security controls might arise from this threat modeling exercise?
B. How does threat modeling differ between roles in IT (for example, testers—data mutations; designers—analyzing threats; developers—tracking data flow)?
What to Submit
Use the Module Three Stepping Stone One Template to prepare your submission. Your submission should be 2 to 3 pages in length including the table. Use double spacing, 12-point Times New Roman font, and one-inch margins. All sources must be cited using APA format. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.
Module Three Stepping Stone One Rubric
| Criteria | Exemplary (100%) | Proficient (85%) | Needs Improvement (55%) | Not Evident (0%) | Value |
|---|---|---|---|---|---|
| Threat Modeling: Target Breach | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Completes column for Target Breach thoroughly and accurately | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 10 |
| Threat Modeling: Sony Breach | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Completes column for Sony Breach thoroughly and accurately | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 10 |
| Threat Modeling: OPM Breach | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Completes column for OPM Breach thoroughly and accurately | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 10 |
| Incident Analysis: CIA Triad | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Explains which of the CIA triad is most applicable to the “Action” category of the selected incident | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 10 |
| Incident Analysis: Adversarial Mindset | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Explains how you can use an adversarial mindset in analyzing the “Attackers” and “Objective” to inform the response to the attack | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 10 |
| Incident Analysis: Avoid the Incident | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Explains what changes could have been made to the organization to avoid the incident | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 10 |
| Threat Modeling Extension: Threat Modeling | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Explains why threat modeling is an important tool for a security practitioner | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 10 |
| Threat Modeling Extension: Organizational Advantages | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Explains what organizational advantages beyond security control might arise from this threat modeling exercise | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 10 |
| Threat Modeling Extension: Roles in IT | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Explains how threat modeling differs between roles in IT | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 10 |
| Articulation of Response | Submission is free of errors related to citations, grammar, spelling, and organization and is presented in a professional and easy-to-read format | Submission has no major errors related to citations, grammar, spelling, or organization | Submission has some errors related to citations, grammar, spelling, or organization that negatively impact readability and articulation of main ideas | Submission has critical errors related to citations, grammar, spelling, or organization that prevent understanding of ideas | 10 |
Total: 100%