Enterprise Cybersecurity Risk Assessment with Threat Modeling: Case Study XYZ Insurance Company

Ramdhani, Bintang and Soetomo, Moh. A. Amin and Lim, Charles (2021) Enterprise Cybersecurity Risk Assessment with Threat Modeling: Case Study XYZ Insurance Company. Masters thesis, Swiss German University.


Abstract

XYZ Insurance is a company that always tries to meet the needs of its customers. One of those needs during this pandemic is health services, and therefore XYZ Insurance develops a telemedicine application. To ensure the reliable operation of the application, attention must be paid to its security issues. To address these security problems, this research carries out a risk assessment using threat modeling with STRIDE, where Data Flow Diagrams (DFD) are the main input, which helps identify and differentiate existing threats. The researcher found 40 threats in the telemedicine application: 28 threats in processes, 8 threats in data flows, and 4 threats in data stores. To measure the identified threats, the researcher used DREAD to obtain a threat score and CVSS to obtain a vulnerability score. From these threat and vulnerability results, a risk value is obtained; in this telemedicine application there are 2 very high risks, both on the web server process: SQL Injection and Directory traversal. With the existing risks known, appropriate controls to mitigate them are recommended.

Item Type: Thesis (Masters)
Uncontrolled Keywords: CVSS, DFD, DREAD, Risk Assessment, STRIDE, Threat Modeling
Subjects: H Social Sciences > HV Social pathology. Social and public welfare > HV6773 Computer crimes
Q Science > QA Mathematics > QA76 Computer software > QA76.93 Computer networks--Security measures
T Technology > T Technology (General) > T58.5 Information technology
Divisions: Faculty of Engineering and Information Technology > Department of Information Technology
Depositing User: Faisal Ifzaldi
Date Deposited: 06 Jan 2022 08:22
Last Modified: 06 Jan 2022 08:22
URI: http://repository.sgu.ac.id/id/eprint/2291
