Threat Modeling – Health Care Facility

Threat modeling allows for the optimization of applications and business processes through the identification of core security vulnerabilities in the system and the definition of countermeasures to protect information systems, thus mitigating cybersecurity threats in enterprise information systems. The concepts of threat modeling help identify the security requirements of information systems within the healthcare industry and thus safeguard the processing of sensitive data (Cagnazzo et al., 2018).

The cybersecurity threat models include:

STRIDE Threat Model

The STRIDE threat model was developed by Microsoft to help security engineers understand all the possible cybersecurity risks and classify them in accordance with their severity on the application servers. STRIDE is an acronym for the following security risks:

  1. Spoofing – a cybersecurity attack on the identification and authentication of information system users. A spoofing attack exploits weak user credentials and weak authentication mechanisms, such as simple password combinations and passwords built from personal information.
  2. Tampering – countered by allowing only authorized persons to modify the information system's enterprise data, which prevents an attacker from tampering with functional elements of the system in ways that have consequences for the application systems.
  3. Information disclosure – healthcare systems contain sensitive, personally identifiable information such as patient biodata and financial information; thus, attackers target the core enterprise database to obtain the information for malicious use.
  4. Denial of service – attackers may jam the healthcare application servers with malicious HTTP flood requests with the aim of preventing access to the information systems, as a way of extorting the owners of the healthcare facility for ransom.
  5. Escalation of privileges – when healthcare system stakeholders access their portal, they are redirected to the appropriate webpage based on their roles and privileges. An attacker might try to adjust their own privileges by spoofing other users' privileges to obtain higher privileges within the enterprise information system.

PASTA (Process For Attack Simulation And Threat Analysis) Threat Model

PASTA threat modeling is a conceptualized framework that identifies, evaluates, and mitigates the potential threats to the business by combining an attacker-centric perspective of the business risks with an impact analysis of the security vulnerabilities an attack would use. The justification for Process for Attack Simulation and Threat Analysis (PASTA) modeling is to support informed decision-making and to rank the business risks by severity in order to determine mitigation strategies for each of the risks (Cagnazzo et al., 2018).

The seven stages for the PASTA threat modeling include:

  1. Defining the healthcare threat modeling business objectives. When developing using the PASTA threat modeling, it’s important to understand the objectives of the enterprise applications and develop an efficient threat modeling framework.
  2. Defining the technical scope: the core enterprise assets of the enterprise healthcare application system, a conceptualized framework for understanding the attack surface, and the third-party dependencies that allow the threats to be realized.
  3. Developing the application control framework for understanding the implicit trust models for mapping the relationship between the identified roles and permission and protecting the attack surface for the implicit trust models (Cagnazzo et al., 2018).
  4. Implementation of a threat analysis that is entirely based on the threat intelligence framework. The threat modeling framework builds a threat intelligence library that understands the threat analysis framework.
  5. Vulnerability assessment. The PASTA threat model maps the healthcare information system threat models, weaknesses in the codebase, system configurations, and architectural design.
  6. Analysis of the attack model simulation. The aim of the PASTA threat modeling framework is to emulate attacks that exploit the healthcare system's security weaknesses and vulnerabilities. The PASTA threat modeling methodology develops a recommended system for building attack surface vectors that helps to map the threats accordingly, and thus creates a blueprint of how the listed attack vectors could be exploited (Bromander et al., 2020).
  7. Development of the risk assessment framework, which comprises the threat intelligence model and countermeasures to mitigate against the threats.

DREAD Threat Model

The DREAD threat model was developed by Microsoft and published in Writing Secure Code, 2nd edition. The DREAD threat model’s implementation in the healthcare system is broken down into the following important elements:

The STRIDE threat model will be the most effective and applicable in health systems security and, consequently, healthcare facilities (Abomhara et al., 2015). This model provides a practical framework to counter potential threats by providing a solid methodology for the subsequent steps to be taken. The model can suggest the most effective defense mechanism, the attacker’s target information, the possible attackers, and the most likely attack avenues.

User Authentication and Credentials With Third-Party Applications

The authentication threat in the proposed STRIDE model focuses on the loss of the patient’s sensitive information and the misuse of the user’s credentials that facilitate the spoofing of the sensors. The attackers’ most probable avenues in gaining unauthorized access to the information systems are through the elevation of user privileges, data tampering, and information disclosure (Almulhem, 2011, p. 2922).

The authentication threat agents include:

  1. Patient identity sharing and loss of personally identifiable information (PII) medical data
  2. Sysadmin enterprise systems identity threat modelling
  3. Patient and personnel identity threats
  4. Sensor spoofing

Security Risk Severity Assessment Report

| Risk level | Risk item |
| --- | --- |
| High | Loss of confidentiality |
| High | User authentication |
| High | Attack using the prerequisite user authentication information such as the password and login details to access the healthcare enterprise application and access sensitive medical data. |
| High | Attackers gaining entry to the healthcare enterprise system backend servers as a trusted entity |
| High | Sysadmin identity theft |
| Medium | Identity spoofing |
| Low | Sensor spoofing and using malicious identity threat analysis framework and personnel identity sharing framework. |
| Low | Tampering the enterprise healthcare systems access control to affect the data consistency and integrity. |
| Low | Targeted adversarial attacks. |

Justification of the STRIDE Threat Modelling Framework

The proposed threat modeling approach provides structured and systematic processes for identifying potential security threats and vulnerabilities in order to reduce the risks to IT resources. Threat models are implemented within the healthcare industry to protect sensitive personally identifiable information (PII) such as patient health biodata and financial data. The threat modeling framework helps information system managers understand the impacts of cybersecurity threats, develop a risk management matrix that quantifies the severity of the cybersecurity risks, and implement cybersecurity controls that mitigate the identified weak points. The proposed information system must be designed to withstand attacks by establishing elaborate security requirements for effective cybersecurity risk mitigation. Threat modeling is an appropriate framework for uncovering security threats and determining the technical security controls that set effective countermeasures against the potential threats (Almohri et al., 2017).

The steps for threat modeling should incorporate the following concepts:

  1. Appointing a threat modeling team that should contain all the stakeholders, such as the business executives, software developers, and network experts within the organization.
  2. Establishing the scope of the threat modeling framework: define the appropriate model and provide the justification of what the proposed framework will cover.
  3. Determining the threat actors and the scope of the technical implementation of the threats on the healthcare system.
  4. Develop a risk management matrix that determines the levels of risks in the healthcare systems and ranks them for effective prioritization of the risk mitigation framework.
  5. Implementation of the appropriate mitigations for each cybersecurity risk and threat identified in the risk assessment matrix.
  6. Documentation of the threat modeling framework by highlighting the scope of the threat modeling framework, justification, and the appropriate actions to mitigate against the risks.
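
The enumeration, rating and ranking steps above can be worked through on a small model. The following is an added example, not part of the original paper: it applies the standard STRIDE-per-element chart (a generalization beyond the five risks listed earlier, so it includes Repudiation) to a constructed facility model and merges in the levels from the severity table. The element names and the pinning of each risk item to an element are assumptions.

```python
# STRIDE-per-element chart: categories that apply to each kind of
# data-flow-diagram element (general technique, not from the page).
APPLICABLE = {"external_entity": "SR", "process": "STRIDE",
              "data_store": "TRID", "data_flow": "TID"}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information disclosure", "D": "Denial of service",
         "E": "Elevation of privilege"}
ORDER = {"High": 0, "Medium": 1, "Low": 2, "Unrated": 3}

# Constructed facility model built from actors and assets the page names.
ELEMENTS = {
    "Patient": "external_entity",
    "Sysadmin": "external_entity",
    "Sensor": "external_entity",
    "Third-party application": "external_entity",
    "Patient portal": "process",
    "Backend server": "process",
    "Enterprise database": "data_store",
    "Portal-to-backend traffic": "data_flow",
}

# Levels come from the page's severity table; pinning each risk item to an
# element and a STRIDE letter is this example's assumption.
RATINGS = {
    ("Enterprise database", "I"): "High",   # loss of confidentiality
    ("Patient portal", "S"): "High",        # user authentication
    ("Sysadmin", "S"): "High",              # sysadmin identity theft
    ("Patient", "S"): "Medium",             # identity spoofing
    ("Sensor", "S"): "Low",                 # sensor spoofing
    ("Backend server", "T"): "Low",         # tampering with access control
}

def enumerate_threats(elements):
    """Every (element, STRIDE letter) pair the chart says to consider."""
    return [(n, c) for n, kind in elements.items() for c in APPLICABLE[kind]]

def risk_register(elements, ratings):
    """Ranked register: rated threats first by level, unrated ones last."""
    threats = enumerate_threats(elements)
    stray = set(ratings) - set(threats)
    if stray:  # a rating that matches no enumerated threat is a modeling error
        raise ValueError(f"ratings without a matching threat: {sorted(stray)}")
    rows = [(ratings.get(t, "Unrated"), t[0], NAMES[t[1]]) for t in threats]
    return sorted(rows, key=lambda r: (ORDER[r[0]], r[1], r[2]))

if __name__ == "__main__":
    for level, element, threat in risk_register(ELEMENTS, RATINGS):
        print(f"{level:8} {element:26} {threat}")
```

Threats that come back as Unrated, such as denial of service against the backend server, are the ones the severity table has not yet assessed.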

References

Abomhara, M., Køien, G., & Gerdes, M. (2015). A STRIDE-based threat model for telehealth systems.

Almohri, H., Cheng, L., Yao, D., & Alemzadeh, H. (2017). On threat modelling and mitigation of medical cyber-physical systems. 2017 IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE). https://doi.org/10.1109/chase.2017.69

Almulhem, A. (2011). Threat modelling for electronic health record systems. Journal of Medical Systems, 36(5), 2921-2926. https://doi.org/10.1007/s10916-011-9770-6

Bromander, S., Swimmer, M., Eian, M., Skjotskift, G., & Borg, F. (2020). Modelling cyber threat intelligence. Proceedings of the 6th International Conference on Information Systems Security and Privacy. https://doi.org/10.5220/0008875302730280

Cagnazzo, M., Hertlein, M., Holz, T., & Pohlmann, N. (2018). Threat modelling for mobile health systems. 2018 IEEE Wireless Communications and Networking Conference Workshops (WCNCW). https://doi.org/10.1109/wcncw.2018.8369033

Question 


Threat Modeling – Health Care Facility

A new medium-sized healthcare facility has just opened, and you have been hired as the CIO. The CEO is somewhat technical and has tasked you with creating a threat model. The CEO needs to decide from 3 selected models but needs your recommendation.

Review this week’s readings, conduct your own research, and then choose a model to recommend with proper justifications.

Items to include (at a minimum) are:

User authentication and credentials with third-party applications

3 common security risks with ratings: low, medium, or high

Justification of your threat model (why it was chosen over the other two: compare and contrast)

You will research several threat models as they apply to the healthcare industry, summarize three models, and choose one as a recommendation to the CEO in a summary with a model using UML Diagrams (Do not copy and paste images from the Internet). In your research paper, be sure to discuss the security risks and assign a label of low, medium, or high risks, and the CEO will make the determination to accept the risks or mitigate them.

Your paper should meet the following requirements:
Be approximately FOUR TO SIX pages in length, not including the required cover page and reference page. (Remember, APA is double spaced)

Follow APA 7 guidelines. Your paper should include an introduction, a body with fully developed content, and a conclusion.

Support your answers with the readings from the course and at least two scholarly journal articles in addition to your textbook to support your positions, claims, and observations.
