Ramdhani, Bintang and Soetomo, Moh. A. Amin and Lim, Charles (2021) Enterprise Cybersecurity Risk Assessment with Threat Modeling: Case Study XYZ Insurance Company. Masters thesis, Swiss German University.
Abstract
XYZ Insurance is a company that always tries to meet the needs of its customers. One of those needs during this pandemic is health services, and therefore XYZ Insurance develops a telemedicine application. To ensure the reliable operation of the application, it is necessary to pay attention to its security issues. To address these security problems, this research carries out a risk assessment using threat modeling with STRIDE, where Data Flow Diagrams (DFD) are the main input; they help identify and differentiate existing threats. The researcher found 40 threats in the telemedicine application: 28 in processes, 8 in data flows, and 4 in data stores. To measure the identified threats, the researcher used DREAD to obtain a threat score and CVSS to obtain a vulnerability score. From these threat and vulnerability results, a risk value is obtained; in this telemedicine application there are 2 very high risks, both on the webserver process: SQL Injection and Directory traversal. Knowing the risks that exist, appropriate controls to mitigate them are recommended.
Item Type: | Thesis (Masters) |
---|---|
Uncontrolled Keywords: | CVSS, DFD, DREAD, Risk Assessment, STRIDE, Threat Modeling |
Subjects: | H Social Sciences > HV Social pathology. Social and public welfare > HV6773 Computer crimes; Q Science > QA Mathematics > QA76 Computer software > QA76.93 Computer networks--Security measures; T Technology > T Technology (General) > T58.5 Information technology |
Divisions: | Faculty of Engineering and Information Technology > Department of Information Technology |
Depositing User: | Faisal Ifzaldi |
Date Deposited: | 06 Jan 2022 08:22 |
Last Modified: | 06 Dec 2024 09:17 |
URI: | http://repository.sgu.ac.id/id/eprint/2291 |