Deeds101 / CYBR8420-project


Use/Misuse Case 2 (Password Management) #12

Closed DoomDragoon closed 9 months ago

DoomDragoon commented 10 months ago

Adam Will work on Password Management Diagram

Atmcalpine commented 10 months ago

(diagram image)

DoomDragoon commented 10 months ago

Wow. This is amazing. I will work on adding misuses and labeling arrows after our check-in today. I forgot to do that. I'm not sure if it's supposed to be two words (verb plus noun) only in the ovals. We can check that later.

Atmcalpine commented 9 months ago

(diagram image)

I'm still working on adjusting the diagram further based on this discussion with the professor, but wanted to provide an updated image to show where I'm at presently.

Cojajomaco commented 9 months ago

Your diagram is great! The only thing I would add is a general audit logging to prevent against fake accounts, but you may have that covered in prior IP logging.

kdherrm88 commented 9 months ago

This diagram is well done, Adam. I think you've done well in documenting many of the things that can be prevented with this type of security control.

Atmcalpine commented 9 months ago

(diagram image)

This abuse case analysis focused on the processes, controls, and threats that may impact the ITFLOW (software) from a password management perspective. As demonstrated within the diagram, the data analyst (user) would most likely leverage the password management functions of the software for logging on to the system, changing passwords, and setting up new accounts. From a review of the system documentation and issue remediation documentation available through the ITFLOW GitHub page, it was determined that controls were in place to address a number of attack methods that may be carried out by disgruntled employees. Despite these controls, it's important to consider the management of user access capabilities by an authorized System Admin internal to each organization leveraging this software, to ensure internal information and capabilities are appropriately restricted to only active, authorized personnel.

Atmcalpine commented 9 months ago

> Your diagram is great! The only thing I would add is a general audit logging to prevent against fake accounts, but you may have that covered in prior IP logging.

Thanks for the feedback. I didn't see anything more broad related to general audit logging within the ITFLOW documentation, so I made reference to the IP Monitoring since that could be leveraged to prevent the creation of fake accounts. I appreciate the suggestion. :)