Scribd
Upload
91 views2 pages

Threat Modeling for E-Commerce Security

1. The document summarizes a threat modeling activity for a small to medium e-commerce business. 2. Four key assets are identified: human resources, internet connection, the e-commerce site, and customer data. Corresponding threats include human error, network failures, unauthorized access, and identity theft. 3. Mitigation steps are provided for each threat, such as training, network upgrades, strong passwords, and regular password changes. Threats are also prioritized based on their likelihood and potential impact.

Uploaded by

Jashi Siñel
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
91 views2 pages

Threat Modeling for E-Commerce Security

1. The document summarizes a threat modeling activity for a small to medium e-commerce business. 2. Four key assets are identified: human resources, internet connection, the e-commerce site, and customer data. Corresponding threats include human error, network failures, unauthorized access, and identity theft. 3. Mitigation steps are provided for each threat, such as training, network upgrades, strong passwords, and regular password changes. Threats are also prioritized based on their likelihood and potential impact.

Uploaded by

Jashi Siñel
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

Group:

Names: 1. 4.

2. 5.

3. 6.

Section:
Subject: IAS101 – Information Assurance and Security 1

Academic Year: Semester:


Submitted To: Date Submitted:

Activity No. 1 – Threat Modelling for Small to Medium Business Enterprises

Business Name: E-Commerce (online Sales of Merchandise)

Vulnerabilities/ Mitigation
SNo Assets Threats Risk Priority
Weaknesses Steps/ Controls

Anything that can


Any data, device Weaknesses or gaps The potential for
exploit a The process of
or other in a security program loss, damage or Reducing risk to a
vulnerability, determining
component of an that can be exploited destruction of an level that is
1 intentionally or which risk should
organization’s by threats to gain asset as a result of acceptable to the
accidentally, and you act upon
systems that is unauthorized access threat exploiting organization
obtain, damage or first
valuable  to asset vulnerability
destroy an asset

Accidents or Training to
2 Human Performance Human error mistakes leading to improve 6
loss of sales/money performance
3 Internet / Connection Slow or failure in Less or no Upgrade 7
Internet transaction transaction leading
to loss of
connection
sales/money
 Use of strong
passwords
Username and Unauthorized Theft on identity,
4 E-Commerce Site  Regular 8
password access sales
change of
passwords
5

Priority

Sev
erit 4

1 2 3 4

Likelihood

You might also like