The topic for my paper is: Patient pacemaker
The following are the main deliverables for this assignment:
a. A document that summarizes your selected research topic in Enterprise Security. An MS-Word Document for your project paper (also referred to as “report”).
b. A presentation to showcase your findings to your classmates (15 min)
c. Use a threat analysis tool (like MS TMT) to perform a TARA analysis of said item. Your group should research TARA and include references they utilized in the report/paper. In this example, where the item is an automotive infotainment system, make sure you focus the scope of your TARA on this item – this will help when you create your DFD in TMT. Outside items, such as a vehicle’s engine would be considered out of scope.
d. Use the outcomes of TARA to identify potential risks related to the item, assess these risks (using methods you learned in this course), and propose mitigations/controls. Also, as mentioned earlier, include pertinent threat modeling diagrams with explanation and justification.
e. Include all the above in your final report and presentation. A template will be provided to you for the report, later in the semester.
f. BONUS (2 extra points on report): if possible, conduct an experiment (even if simulated) to back your earlier analysis
[TITLE12]
[Group members’ names]
[Email(s)]
[Class]
[Semester]
[Instructor]
[Instructions in this document are provided in italic font and enclosed within square brackets. Please delete these before submitting your document.
The project report should:
– Be in a Word (docx) document, double-spaced, with 1-inch margins, and a 12pt Times New Roman font
– Contain all sections listed below
– Remember to update your Table of Contents (ToC) before submitting]
Table of Contents
1. Introduction
2. Item Overview & Literature Review
   2.1. Overview
   2.2. Literature Review
3. Threat Analysis
   3.1. TARA Approach
   3.2. TARA Diagram(s)
   3.3. TARA Outcomes
4. Risk Analysis
5. Experiment (optional Bonus)
6. Conclusion
1 Term paper for IA 202L4.
2 Title, references, table of contents, and Appendix pages are not part of the total page count
1. INTRODUCTION
Provide a brief elaboration on the content of the paper. Use Times New Roman 12, single-spaced.
2. ITEM OVERVIEW & LITERATURE REVIEW
2.1. Overview
[Provide a brief overview about your item, e.g. Automotive Infotainment System]
2.2. Literature Review
[Include a brief (max 1 page) literature review about the item, notably about security incidents that have
affected it]
This section must include what has been done in the literature on this subject: Make sure to
divide this into information summarized from course textbook plus what has been done based
on external sources, such as one or two research papers addressing the subject.
Sources for research (library): http://caxton.emich.edu/guide/guide.php?id=258
Make sure to include citations. APA style requires authors to use the past tense or present
perfect tense when using signal phrases to describe earlier research. E.g., Jones (1998) found
or Jones (1998) has found. Writing style guides:
http://www.apastyle.org/learn/tutorials/basics-tutorial.aspx
Note: If any of the APA reference guidelines contradict this paper format, then this paper
format takes precedence.
Examples: According to Jones (1998), “Students often had difficulty using APA style,
especially when it was their first time” (p. 199). Jones (1998) found “students often had
difficulty using APA style” (p. 199); what implications does this have for teachers?
She stated, “Students often had difficulty using APA style,” but she did not offer an
explanation as to why (Jones, 1998, p. 199).
Figure 1. Spirit of graduates.
3. THREAT ANALYSIS
[Use a threat analysis tool (like MS TMT) to perform a TARA analysis of said item. Your group should
research TARA and include references they utilized in the report/paper. Make sure you focus the scope of your
TARA on your selected item – this will help when you create your Data Flow Diagram (DFD) in TMT. Outside
items would be considered out of scope]
3.1. TARA Approach
3.2. TARA Diagram(s)
3.3. TARA Outcomes
Table 1: Margin specifications [sample table if necessary]
| Margin | A4 Paper | US Letter Paper |
|---|---|---|
| Left | 18.5 mm | 14.5 mm (0.58 in) |
| Right | 18 mm | 13 mm (0.51 in) |
4. RISK ANALYSIS
[Use the outcomes of TARA to identify potential risks related to the item, assess these risks (using methods you
learned in this course), and propose mitigations/controls. You can include or refer to earlier pertinent threat
modeling diagrams with explanation and justification]
5. EXPERIMENT (OPTIONAL BONUS)
[If possible, conduct an experiment (even if simulated) to back your earlier analysis – (2 extra points on this
paper). Note that you will need to deliver the artifacts that you used in your experiment, such as any code, VM,
etc.]
6. CONCLUSION
[Concluding remarks]
REFERENCES
Whitman, M. & Mattord, H., 2008. Principles of Information Security, 3rd ed. Boston (MA):
Course Technology.
Cummings, J.N., Butler, B., & Kraut, R. (2002). The quality of online social
relationships. Communications of the ACM, 45(7), 103-108.
Hu, Y., Wood, J.F., Smith, V., & Westbrook, N. (2004). Friendships through IM:
Examining the relationship between instant messaging and intimacy. Journal of
Computer-Mediated Communication, 10(1).
Zogby International, 2007. Zogby Poll: Most Americans Worry About Identity
Theft. Available at: http://www.zogby.com/search/readnews.cfm?ID=1275 [Accessed 19
August 2009].
APPENDICES
Topic of Presentation (can include picture)
Group Project. Members: m1, m2, m3
Include brief details about your
presentation. A relevant quote can be
used here, although not required.
IA 202L4 – Risk Vulnerability Analysis
Instructor: Samir Tout
Date
Agenda
The following items will be covered in this presentation:
▪ Introduction
▪ Item Overview & Literature Review
▪ Threat Analysis
▪ Risk Analysis
▪ Experiment
▪ Summary & Conclusion
Introduction
▪ Point 1
▪ Point 2
Item Overview & Literature Review
▪ Overview
▪ Literature Review
Threat Analysis
▪ TARA Approach
▪ TARA Diagram(s)
▪ TARA Outcomes
TARA Approach
▪ Point 1
▪ Point 2…
TARA Diagram(s)
▪ Point 1
▪ Point 2…
TARA Outcomes
▪ Point 1
▪ Point 2…
Risk Analysis
▪ Point 1
▪ Point 2…
Experiment [optional & bonus]
▪ Point 1
▪ Point 2…
Summary & Conclusion
▪ Point 1
▪ Point 2
References
▪ Whitman, M. & Mattord, H., 2008. Principles of Information Security, 3rd ed. Boston (MA): Course Technology.
▪ Cummings, J.N., Butler, B., & Kraut, R. (2002). The quality of online social relationships. Communications of the ACM, 45(7), 103-108.
▪ Hu, Y., Wood, J.F., Smith, V., & Westbrook, N. (2004). Friendships through IM: Examining the relationship between instant messaging and intimacy. Journal of Computer-Mediated Communication, 10(1).
▪ Zogby International, 2007. Zogby Poll: Most Americans Worry About Identity Theft. Available at: http://www.zogby.com/search/readnews.cfm?ID=1275 [Accessed 19 August 2009].
Q/A
Part 1: TARA – Patient Pace Maker TARA Analysis
Item Definition: Patient Pacemaker
Function: to detect heartbeat and regulate the pace of heart rate
Components: an implantable pulse generator, leads, electrodes, and a monitoring device
Data: Heart rate, rhythm, and electrical signals of the heart
Connectivity: Bluetooth and cellular connection to a monitoring device
Asset Identification and Damage Scenarios
| Asset | Confidentiality | Integrity | Availability |
|---|---|---|---|
| Pace Maker | Unauthorized access to patient data | Tampering of patient data | Unauthorized interruption of service |
| Healthcare Database | Unauthorized access to patient records | Tampering of patient records | Denial of access to patient records |
| Networks | Unauthorized access to networks | Tampering of network data | Denial of access to networks |
| Access Control System | Unauthorized access to the system | Tampering of system data | Denial of access to the system |
Threat Scenario Identification and Attack Path Analyses:
| Threat Scenario | Attack Path | Attack steps |
|---|---|---|
| Unauthorized Access to the Data | Path 1 | 1. Compromise medical database from external network; 2. Access patient data from a compromised database |
| Unauthorized Access to the Device | Path 2 | 1. Compromise medical database from external network; 2. Access the patient’s pacemaker device from the compromised database |
| Unauthorized Wireless Connections | Path 3 | 1. Compromise patient’s pacemaker device wireless network; 2. Access pacemaker device from compromised wireless network |
| Battery Access | Path 4 | 1. The battery could be remotely accessed and drained, which can cause improper shocks |
| Unauthorized system shutdown | Path 5 | 1. Patient’s system can be compromised from external network; 2. Systems can be shut down from the external network |
Impact Rating:
| Damage scenario | Safety | Financial | Operational | Privacy |
|---|---|---|---|---|
| Unauthorized Access to the Data | Severe | Major | Major | Severe |
| Unauthorized Access to the Device | Severe | Major | Major | Severe |
| Unauthorized Wireless Connections | Severe | Major | Major | Severe |
| Battery | Severe | Major | Major | Severe |
Impact Rating for Attack Feasibility
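| Impact \ Attack feasibility | High | Medium | Low | Very Low |
|---|---|---|---|---|
| Severe | 5 | 4 | 3 | 1 |
| Major | 4 | 3 | 2 | 1 |
| Moderate | 3 | 2 | 2 | 1 |
| Negligible | 1 | 1 | 1 | 1 |
| Severe | 5 | 5 | 4 | 5 |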
Part 2: Pace Maker TARA Analysis
Threat Scenario Identification and Attack path analysis:
| Threat Scenario | Attack path | Attack steps |
|---|---|---|
| Unauthorized Access to the Data | Path 1 | Medical database compromise from external network |
| | Path 2 | Access of patient information from a compromised database |
| | Path 3 | Attacker uses social engineering techniques to gain access to the medical database. |
| Unauthorized Access to the Device | Path 1 | Compromising medical database from external network |
| | Path 2 | Accessing the patient’s pacemaker device from the compromised database |
| | Path 3 | Hackers gaining control of the device and altering the settings |
| Unauthorized Wireless Connections | Path 1 | Interfere with patient’s pacemaker device wireless network |
| | Path 2 | Access pacemaker gadget from compromised wireless connection |
| | Path 3 | Intercept and modify patient information |
| Unauthorized system access | Path 1 | Unauthorized access to patient’s system |
| | Path 2 | Can interfere with shock system |
| | Path 3 | Input incorrect data |
Attack Feasibility Ratings
Attack Path
Expertise Opportunity Equipment
Time
Knowledge
Level
Unauthorized Expert
Access to the
Data
Unlimited
Standard