Deeds101 / CYBR8420-project


Claim Assurance Case #4 - Data Transmission #25

Closed DoomDragoon closed 9 months ago

Cojajomaco commented 9 months ago

Hey guys, please rip me apart if you need to. This is just the start of my diagram. I wanted to view this from the possibility of PHI being on the system. It's unlikely, but if an MSP has a BAA with a HIPAA organization then the possibility exists. As such, I am trying to base my claim and rebuttals off of the CIA triad.

[image]

Atmcalpine commented 9 months ago

Just a few suggestions/ideas:

Cojajomaco commented 9 months ago

Changing my topic completely to data transmission security: mailing, https, etc.

Cojajomaco commented 9 months ago

My current rough draft:

[image]

My goal was to audit each data transmission branch and I included this info in CT2.

Cojajomaco commented 9 months ago

I'm still in the process of heavy edits - I'm hoping to have this done tomorrow afternoon.

[image]

Cojajomaco commented 9 months ago

[image]

I condensed my top-level issues since they ended up using a lot of the same functions. My resulting diagram tries to identify the key issues each function needs to be secure and expands upon them.

Cojajomaco commented 9 months ago

[image]

Reflection: My diagram went through many different shifts. Originally, I had wanted to focus on just the billing functions within ITFlow. However, upon further review it appeared that my diagram would incorporate most of everyone's top-level claims as a sub-claim, so it felt as if my diagram did not impose a question of significant value which was not already being answered. From there, I created a version of the data transmission diagram which focused on each transmission vector as a rebuttal (mailing, web browsing, database transactions). I worked on this diagram for some time before realizing that my rebuttals resulted in the same evidence. I decided to condense my diagram further into what it is now. I realized along the way that I was not directly analyzing security functions for the software, rather, I was analyzing individual components and then trying to force security into them. I think addressing the main security functions that each component uses ended up being key to understanding the assignment.