I need support with this Engineering question so I can learn better.
1)Description: Defense-in-Depth, an IA concept refers to multiple layers of security controls placed throughout an IT system. Post a brief summary of examples of these types of controls in action and your experience with at least one of type of control. Illustrate whether or not you believe, in your experience, this approach is effective. Be sure to indicate in what domain your example occurs:
- User domain – any user of our systems falls in this domain, whether inside or outside our organization
- Workstation domain – not just computers, but any device our users use
- LAN domain – each LAN and the devices that make a LAN work
- WAN domain – the system that links devices across long distances; typically this is the Internet which is used by most businesses
- LAN-to-WAN domain – the infrastructure and devices that connect our organization’s LANs to the WAN system
- Remote Access domain – the technologies used by our mobile and remote users to connect to their customary resources; can include VPN solutions and encryption technology
- System/Application domain – technologies used to actually conduct business functions, as opposed to making connections of various types
2)Chapter 1 and 2 provided a high-level overview of Threat modeling and Strategies for Threat Modeling. For some additional reading, take a look at how other organizations view threat modeling:
After reading chapter 1 and 2 and looking at the link above, you’re ready to participate in the first discussion.
Let’s look at a possible real-world scenario and how the Department of Homeland Security (DHS) plays into it. In this scenario, the United States was hit by a large-scale, coordinated cyber attack organized by foreign entity. Lessons learned indicated that DHS was not utilizing any threat modeling strategies and would like to get discussion started immediately to better understand what it is. You are brought in and need to provide the following to DHS:
a. What is threat modeling?
b. How can threat modeling help protect key assets (this could be information, infrastructure, personnel, etc) going forward?
c. What should the next steps be for DHS now that they have a better understanding?
You must do the following:
Create a new thread. As indicated above, please answers the three questions above for DHS described in the preceding paragraph. Must use a minimum of three references for your initial posts. Also, please cite all references and use proper APA formatting.