Answer the following Essay Questions:
Your answers should be written in essay form with a clear intro, body, and conclusion. Use examples as applicable. There is no minimum length but you should clearly answer the question. Your answers should be in your own words. Short quotes can be used as needed. Cite any references used, in APA format.
#Q1. You are a security analyst at an organization that runs several web applications. Your CIO is interested in using threat modeling as part of the software development lifecycle. Provide her an overview of threat modeling and the value it would provide to your company – you need to choose between an asset/risk-based or threat/security-based approach. As part of your overview include a detailed explanation of the appropriate threat model for your approach (e.g., PASTA or STRIDE), which should address the different objectives the model attempts to achieve, and provide two potential mitigations for each threat/attack scenario. [75 points] You can make any assumptions you want about the web application, just make sure you explain them. Avoid any examples that might be in the textbook.
#Q2. Describe an attack tree and what it is used for. Provide an example attack tree on how you would cheat on this Midterm exam. (Do not cheat on this exam or test your attack tree. This is a thought exercise only). [25 points]
Your answers to both questions should be submitted in a single Word document, with the file named: 602_lastname_midterm-essay.docx
Click on the “Midterm Exam – Part 2 (Essay Questions)” link above to submit your assignment.