Closed DoomDragoon closed 9 months ago
Just a few suggestions/ideas:
Changing my topic completely to data transmission security: mailing, https, etc.
My current rough draft:
My goal was to audit each data transmission branch and I included this info in CT2.
I'm still in the process of heavy edits - I'm hoping to have this done tomorrow afternoon.
I condensed my top-level issues since they ended up using a lot of the same functions. My resulting diagram tries to identify the key issues each function needs to be secure and expands upon them.
Reflection: My diagram went through many different shifts. Originally, I had wanted to focus on just the billing functions within ITFlow. However, upon further review, it appeared that my diagram would incorporate most of everyone's top-level claims as sub-claims, so it felt as if my diagram did not pose a question of significant value which was not already being answered. From there, I created a version of the data transmission diagram which focused on each transmission vector as a rebuttal (mailing, web browsing, database transactions). I worked on this diagram for some time before realizing that my rebuttals resulted in the same evidence. I decided to condense my diagram further into what it is now. I realized along the way that I was not directly analyzing security functions for the software; rather, I was analyzing individual components and then trying to force security into them. I think addressing the main security functions that each component uses ended up being key to understanding the assignment.
Hey guys, please rip me apart if you need to. This is just the start of my diagram. I wanted to view this from the possibility of PHI being on the system. It's unlikely, but if an MSP has a BAA with a HIPAA organization then the possibility exists. As such, I am trying to base my claim and rebuttals off of the CIA triad.

![image](https://github.com/Deeds101/CYBR8420-project/assets/143226996/22ddeb23-3cfc-4bf8-bd27-bc6a5ed97de1)