Assignment 3b: Threats Defense Argument
Due in Week 10 and worth 100 points
The information you provided in your presentation on Threats to
the Global Environment has led to productive debates at
the UN General Assembly! There are now questions about
prioritizing the issues at hand. Some of the countries are
challenging your recommendations and questioning your
reasons for not including the issues they believe are priority.
From the initial eight global threats, there are four remaining
threats that you did not choose in the list of major global
issues. Review the list of topics and reflect on two that you did
not use in last week’s assignment. Defend your reason for
considering these topics lower in priority than the ones in your
presentation.
Energy sources
Civil war
Globalization
Poor health of entire populations
Lack of educational opportunities
Cultural taboos
Inappropriate uses of technology
Climate change
The completed version of this assignment will consist of the
following:
1. Select two threats from the list above that you did not use in
your Assignment 3a presentation.
2. Create a minimum two-page document in which you outline a
counterargument for the two threats you selected:
Write an opening statement describing the perception of each
threat.
Write one paragraph for each threat (two paragraphs total) in
which you give three reasons to explain
why the threat is less of a priority to the global environment
than the four you selected in Assignment
3a. Support your reasons with at least three credible sources.
A conclusion statement for each threat.
3. Cite at least three credible sources excluding Wikipedia,
dictionaries, and encyclopedias for your assessment. A
brief list of suggested resources has been provided at the end of
the course guide.
The specific course learning outcome associated with this
assignment is:
Examine the factors that account for why the growth in the
world’s population can negatively affect the
global society
Grading for this assignment will be based on answer quality,
logic/organization of the paper, and language and writing
skills, using the following rubric:
APA Formatting
This document summarizes the high points of the APA
format that all students need to be aware of when writing
academic papers. There are many more details and requirements in
the APA than in this condensed version. If the item needed is
not included here, please refer to the APA manual or visit the
Purdue University Online Writing Lab (OWL) website for more
specific information on APA formatting.
Your essay should be typed, double-spaced on standard-sized
paper (8.5" x 11") with 1" margins on all sides. Indent 5 spaces
or ½ inch on the first line of every paragraph. You should use a
clear font that is highly readable. APA recommends using 12 pt.
Times New Roman font. There are two aspects of essay formats
that you should keep in mind:
· Every other line in the entire paper will have text.
· Consistency and uniformity are essential. Every essay from
each student will appear generally the same, except that specific
letters and words are different.
APA Title Page
The title page should contain the title of the paper, the author's
full name, and the school’s name. In the header of the
first page, the words “Running Head:” and the title of the paper in all
capitals are placed toward the left margin, and the page number
is placed toward the right margin. On the subsequent pages, the
header contains the title and page number. Please note that your
page number must be created with the word processor’s page
number feature. If the page number is entered in manually, it
will be the same number on every page rather than a page
number.
APA Citations
Anytime a writer borrows an idea or quote from another source, a
citation must be included in the essay. Whether it is
paraphrasing or quoting, credit must be given to avoid
plagiarism. APA requires that the author’s name, year of
publication, and page or paragraph number be included as
a citation in the paper. These three requirements can be
provided in two main options:
1. The requirements are provided at the end of the material
cited, and it is included in one simple parenthetical citation.
(author’s last name, year, page no.) Be sure to place the period
for the end of the sentence after the parenthetical citation.
For example:
The study indicated the patients recovered 47% of the time
without any harmful side effects (Hunter, 2004, pp. 365).
2. The author’s name is included in the body of the sentence.
The year follows the name in parentheses, and the page or
paragraph number is in parentheses at the end of the material
cited. For example:
Dr. Hunter (2004) performed two major clinical trials on breast
cancer. The studies indicated the patients recovered 47% of the
time without any harmful side effects (pp. 365).
3. When a personal interview, lecture, or seminar is used as a
source in a paper, APA only requires a citation to be included in
the body of the paper. Normally, the interviewee or lecturer
name is included in the body of the sentence, followed by the
parenthetical citation (Personal communication, date of
communication). For example:
Mr. Wayne Smith (Personal communication, June 25, 2012)
stated in an interview that each sample from the experiment
were handled and processed separated to prevent any potential
compromise of the study.
4. When using a direct quote (less than 40 words), usually the
author is used in the attributive tag with date cited after the
author. For example:
Wayne Smith (2012) explains, “Each sample from the
experiment were handled and processed separated to prevent
any potential compromise of the study.”
5. If using a block quotation (40 words or more), cite the quoted
source in parentheses after the final punctuation mark. Please
keep these points of block quotation in mind:
· Indent the block quote five spaces or half an inch.
· Do not use quotation marks.
· Double space the quote unless your school has a rule about
single spacing block quotes.
· Do not include any additional lines or spaces before or after
the block quote.
· Notice that in block quotes, the period goes before the
parentheses, not after.
For example:
Students at Nova Southeastern University have faced challenges
in learning how to use APA formatting. When discussing the
challenges, Strunk (1922) stated:
Use quotes around an article title or book chapter, but italicize
the title of a book, journal, brochure, or report when used in
the body of the paper. Use a short title in the parenthetical
citation or complete title if the title is short. NOTE Non-
periodical titles like books and book titles have all the
important words capitalized in the text citations, but these same
book titles do not have all the important words capitalized in
the reference list. (p. 342)
Continue here with your explanation or interpretation of the
block quote. Please write how the quote supports your thesis
specifically. This portion is a continuation of the original
paragraph that started with Students at Nova Southeastern
University.
APA References
Major points of the reference page(s) to keep in mind:
· Arrange entries in alphabetical order.
· An anonymous source is alphabetized by the word
“Anonymous.”
· A source that has no author is arranged alphabetically by the
first significant word of the title.
· Do not indent the first line of the reference. Indent all
subsequent lines.
· Double space the entire references page.
· If references take up more than one page, do not retype the
word “References” on subsequent pages.
Unknown Author
If your source has an unknown author, the title of the article or
webpage is put in its place. Review the samples below for
reference and citation.
A place from where to speak: The university and academic
freedom. (2009). British Journal of Educational Studies, 57(2), 146-163.
doi:10.1111/j.1467-8527.2009.00429.x
NOTE: When your essay includes parenthetical citations of
sources with no author named, use a shortened version of the
source's title instead of an author's name. Use quotation marks
and italics as appropriate. For example, parenthetical citations
of the source above would appear as follows: (“A place from
where”, 2009).
Sample References
1. A magazine:
Last Name, F. (Publication Date). Article Title. Magazine
Name, Volume Number (Issue Number) Page Numbers.
Smith, J. (2009, January 21). Obama inaugurated as President.
Time, 171 (5) 21-23.
2. A Book:
Last Name, F. (Year Published). Book Title. Publisher City:
Publisher Name.
Brown, D. (2004). The DaVinci code. New York: Scholastic.
3. A journal from an online database:
Last Name, F. (Year Published). Article Title. Journal name,
Volume number, (Issue number)Page Numbers. Retrieved from
Web Address
Ayyamperumal, A., Parveen, B., Ravindran, V., & Tharini, G.
(2012). Cutaneous manifestations of internal malignancy. Indian
Journal of Dermatology, 57(4), 260. Retrieved from
http://go.galegroup.com/ps/i.do?id=GALE%7CA295455160&v=2.1&u=pho38373&it=r&p=AONE&sw=w
4. A document or news website:
Last Name, F. (Year Published). Page title. Website title.
Retrieved from Web Address
Smith, J. (2009, January 21). Obama inaugurated as President.
CNN.com. Retrieved from
http://www.cnn.com/POLITICS/01/21/obama_inaugurated/index.html
5. A journal:
Last Name, F. (Year Published). Article Title. Journal name,
Volume number, (Issue number)Page Numbers.
Smith, J. (2009). Studies in pop rocks and Coke. Weird Science,
12 (1). 78-93.
6. A video weblog:
Video Title. (video file) Retrieved from Web Address
Preventive benefits-better health is in your hands. (video file).
Retrieved from
http://www.youtube.com/user/CMSHHSgov?v=Z5bjUYgfqhw
7. A radio/TV:
EPISODE OF PROGRAM: Last Name, F. (Writer), & Last
Name, F. (Director). (Year Broadcast). Episode [Program Type
series episode]. In F. Last Name (Producer), Program. Network
City: Network.
INDIVIDUAL BROADCAST: Last Name, F. (Producer). (Date
Broadcast). Program [Program Type broadcast]. Network City:
Network.
Crystal, L. (Executive Producer). (1993, October 11). The
McNeil Lehrer news hour. [Television broadcast]. New York
and Washington DC: Public Broadcasting Service.
8. An encyclopedia/dictionary:
Last Name, F. (Year Published). Article Title. In
Encyclopedia/Dictionary name (Vol. Volume Number, Page
Numbers). Publication City: Publisher Name.
Smith, J. (2009). Internet. In Encyclopaedia Britannica (Vol.
20, pp. 81-82). Chicago: Encyclopaedia Britannica.
Please note: these are the most common examples of sources
used by students, please use the APA manual or Purdue’s OWL
website.
The information collected in this handout is based on the
Publication Manual of the American Psychological Association,
6th Edition (July 2009) Washington, D.C.
ISOL536
Security Architecture
and Design
Week 3
“Privacy Threats”
Agenda
• What is privacy?
• Harms
• The IETF’s Privacy Considerations
• Privacy Impact Assessments
• The Nymity Ratchet
• Contextual Integrity
• Reading: Chapter 6
STRIDE Review
• STRIDE Review
Letter | Attack | Violates
S | Spoofing | Authentication
T | Tampering | Integrity
R | Repudiation | Non-Repudiation
I | Information Disclosure | Confidentiality
D | Denial of Service | Availability
E | Elevation of Privilege | Authorization
What is Privacy?
• Lots of land with trees & bushes
• Curtains or venetian blinds
• Unlisted phone numbers, mailboxes
• Swiss bank accounts
What is Privacy? (II)
• Freedom from surveillance/NSA
• Anonymity
• Right to be left alone
• “Do not track” in browsers
Privacy vs Confidentiality
• Confidentiality is about the data
• Protects data from unauthorized users
• Privacy is about the individual
• How the data is used
National
• Freedom from surveillance/NSA
• Anonymity
• Right to be left alone
• “Do not track” in browsers
Harms Approach to Privacy
• Dan Solove (George Washington University law
professor)
• Understanding Privacy (2008)
• Presented privacy as a family of issues
• Presented a taxonomy of harms
• Can be used as a basis for looking at a system
Solove’s Harms
• Identifier creation*
• Information collection
  • Surveillance, interrogation
• Information processing
  • Aggregation, identification, insecurity, secondary use, exclusion
• Information dissemination
  • Breach of confidentiality, disclosure, increased accessibility, blackmail, appropriation, distortion, [exposure]
• Invasion
  • Intrusion, decisional interference
* Shostack adds identifier creation in Threat Modeling, see
discussion (page 112).
IETF Privacy Considerations
• Set of threats that each new protocol should consider
• Likely to change rapidly in post-Snowden world
• Combined security/privacy threats
  • Surveillance, stored data compromise, misattribution
• Privacy threats
  • Correlation, identification, secondary use, disclosure, exclusion (unawareness)
Privacy Impact Assessments
• A privacy analog to security threat modeling
• Usually presented as an end-to-end process
• Often more social than technical
• Can be very complementary
• Typical table of contents:
  • Description of the project
  • Description of the data flows[!]
  • Analysis against “the” information privacy principles
  • Analysis against other aspects of privacy
  • Analysis of privacy controls
  • Findings and recommendations
Nymity Slider
• Nymity: “the amount of information about the identity of
participants that is revealed in a transaction”
• Easy to move left, hard to move right
• Measure your system, don’t move accidentally
Contextual Integrity
• Helen Nissenbaum’s Privacy In Context (2009)
• A context is an anthropological term for a “sphere of life”
such as “school” or “work”
• Can be more specific — “This university’s CS department
expects…” — is a context
• A context has roles, activities, norms and values
associated with it (usually implicitly)
• Can be used to understand or predict privacy concerns
Augmented Contextual Integrity
• Simply:
  1. Describe the new practice in information flows*
  2. Identify the prevailing context
  3. Identify information subjects, senders, & recipients*
  4. Identify transmission principles*
  5. Locate applicable norms, identify significant changes
  6. Prima facie assessment
  7. Evaluation
     1. Moral & political, threats to autonomy/freedom, power structures, fairness, justice, equality, etc.
  8. Evaluation 2
     1. Does the new practice directly impinge on values, goals of context?
  9. Decide
• * Elements look a lot like other threat modeling
• Can be a lot of work in each step
LINDDUN
• Explicit mirror of STRIDE-per-element for privacy threat
modeling
• New proposal, unusual terminology
• LINDDUN
  • Linkability
  • Identifiability
  • Non-Repudiation (vs Repudiation as a security threat)
  • Detectability
  • Disclosure of Information
  • Content Unawareness
  • Policy and consent Non-compliance
Recap
• Privacy can be challenging compared to security
• High potential for things to go badly wrong
  • Ethically
  • Public relations
• Tools exist to help
  • Harms
  • The IETF’s Privacy Considerations
  • Privacy Impact Assessments
  • The Nymity Ratchet
  • Contextual Integrity
ISOL536
Security Architecture
and Design
Week 3
“Processing Threats”
Agenda
• When to find threats
• Playing chess
• How to approach software
• Tracking threats and assumptions
• Customer/vendor
• The API threat model
• Reading: Chapter 7
When to Find Threats
• Start at the beginning of your project
• Create a model of what you’re building
• Do a first pass for threats
• Dig deep as you work through features
• Think about how threats apply to your mitigations
• Check your design & model matches as you get close to
shipping
Attackers Respond to Your Defenses
Playing Chess
• The ideal attacker will follow the road you defend
• Ideal attackers are like spherical cows — they’re a useful model for some things
• Real attackers will go around your defenses
• Your defenses need to be broad and deep
“Orders of Mitigation”
Order | Threat | Mitigation
1st | Window smashing | Reinforced glass
2nd | Window smashing | Alarm
3rd | Cut alarm wire | Heartbeat signal
4th | Fake heartbeat | Cryptographic signal integrity
By Example:
• Thus window smashing is a first-order threat, cutting alarm wire a third-order threat
• Easy to get stuck arguing about orders
  • Are both stronger glass & alarms 1st order mitigations? (Who cares?!)
• Focus on the concept of interplay between mitigations & further attacks
How to Approach Software
• Depth first
  • The most fun and “instinctual”
  • Keep following threats to see where they go
  • Can be useful skill development, promoting “flow”
• Breadth first
  • The most conservative use of time
  • Most likely to result in good coverage
Tracking Threats and Assumptions
• There are an infinite number of ways to structure this
• Use the one that works reliably for you
• (Hope doesn’t work reliably)
Example Threat Tracking Tables
Diagram Element | Threat Type | Threat | Bug ID
Data flow #4, web server to business logic | Tampering | Add orders without payment checks | 4553 “Need integrity controls on channel”
Data flow #4, web server to business logic | Info disclosure | Payment instruments sent in clear | 4554 “need crypto” #PCI

Threat Type | Diagram Element(s) | Threat | Bug ID
Tampering | Web browser | Attacker modifies our JavaScript order checking | 4556 “Add order-checking logic to server”
Tampering | Data flow #2 from browser to server | Failure to authenticate | 4557 “Add enforce HTTPS everywhere”

Both are fine, help you iterate over diagrams in different ways
Example Assumption Tracking
Assumption | Impact if it’s wrong | Who to talk to | Who’s following up | Follow-up by date | Bug #
It’s ok to ignore denial of service within the data center | Availability will be below spec | Alice | Bob | April 15 | 4555
• Impact is sometimes so obvious it’s not worth filling out
• Who to talk to is not always obvious, it’s ok to start out blank
• Tracking assumptions in bugs helps you not lose track
• Treat the assumption as a bug – you need to resolve it
The Customer/Vendor Boundary
• There is always a trust boundary when:
• Your code goes to someone else’s (device/premises)
• Their data comes to your code
• Lawyers, pretending do not eliminate human trust issues
• You need to think about it while deciding what happens over
the data flow shown
[Diagram: “Your software” on the customer device; “Your software” in your data center]
Generic API Threat Model
• Perform security checks inside the boundary
• Copy before validation for purpose
• Is http://evil.org/pwnme.html “valid”?
• Define the purpose for data, validate near that definition
• Manage error reporting
• Document what checks happen where
• Do crypto in constant time
• Address the security requirements for your API
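An added sketch of the checklist above, not taken from the course slides: one API entry point that copies caller-owned input before checking it, checks a MAC in constant time, validates the URL for its purpose, and keeps error detail in the log. The function names, the shared key, the `partner.example` allowlist and the `FlippingRequest` object are assumptions made up for the illustration.

```python
import hashlib
import hmac
import logging
from urllib.parse import urlsplit

log = logging.getLogger("api")

# Assumed for this sketch: one shared key, and one purpose for the URL field
# (an HTTPS callback to a host we already do business with).
API_KEY = b"constructed-demo-key"
ALLOWED_CALLBACK_HOSTS = {"partner.example"}


class ApiError(Exception):
    """Generic error returned across the boundary; detail stays in our log."""


def sign(url: str) -> str:
    return hmac.new(API_KEY, url.encode(), hashlib.sha256).hexdigest()


def validate_callback_url(url: str) -> None:
    """Validate for purpose: 'is a well-formed URL' is not the question."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"scheme {parts.scheme!r} not allowed for callbacks")
    if parts.hostname not in ALLOWED_CALLBACK_HOSTS:
        raise ValueError(f"host {parts.hostname!r} is not an approved callback host")


def register_callback_naive(request) -> str:
    # Reads caller-owned data twice: once to check, once to use.
    validate_callback_url(request["url"])
    return request["url"]  # may no longer be the value that was checked


def register_callback(request) -> str:
    # 1. Copy inside the boundary: read each field once into our own values.
    url = str(request["url"])
    tag = str(request["tag"])
    try:
        # 2. Crypto in constant time: compare_digest, never ==.
        if not hmac.compare_digest(sign(url).encode(), tag.encode()):
            raise ValueError("bad MAC")
        # 3. Validate the copy, next to the definition of its purpose.
        validate_callback_url(url)
    except ValueError as exc:
        # 4. Manage error reporting: operators get the reason, callers do not.
        log.warning("callback rejected: %s", exc)
        raise ApiError("request rejected") from None
    return url


class FlippingRequest:
    """Constructed caller-owned object whose 'url' changes after the first read."""

    def __init__(self, first: str, later: str):
        self._urls = [first, later]
        self._tag = sign(first)

    def __getitem__(self, key):
        if key == "tag":
            return self._tag
        return self._urls.pop(0) if len(self._urls) > 1 else self._urls[0]
```

With a `FlippingRequest`, the naive function checks the approved URL and returns the unapproved one, while `register_callback` only ever sees the value it validated.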
Recap
• When to find threats
• Playing chess
• How to approach software
• Tracking threats and assumptions
• Customer/vendor
• The API threat model
What’s next?
• Quiz
  • Due Sunday 11:59 PM
  • 10 multiple choice questions
  • 20 minutes
  • You have 2 chances (take highest grade)
• Read chapters 8 and 9
Assignment 3a: Threats to the Global Environment
Due Week 9 and worth 150 points
Congratulations! The United Nations has hired you as a
consultant on global issues.
Many of the UN members are not satisfied with the progress of
the Millennium Development Goals. They believe that the
goals focus on the wrong issues. There is a disconnect between
the types of issues the developed countries in the UN
believe are priorities versus the issues that developing countries
of the UN want to prioritize. For example, the country of
Burundi has requested that one of the goals be focused on food
security. However, Austria is adamant that the major
current global issue is to mediate ceasefires within countries
experiencing a civil war.
You have been asked to provide an unbiased perspective and
identify the four issues that have the biggest impact on the
global environment.
Of the eight major threats listed below, choose the four that you
consider the most critical.
Energy sources
Civil war
Globalization
Poor health of entire populations
Lack of educational opportunities
Cultural taboos
Inappropriate uses of technology
Climate change
You will present your findings at the next UN General
Assembly. Your goal is to provide a brief history of each issue,
the
number of countries affected, and the effects of this threat on
the world population.
The completed version of this assignment will include the
following:
1. A PowerPoint presentation containing relevant information
for the UN General Assembly on four of the
eight threats listed above.
a. The order of your slides should reflect the order of priority
you assign to the four
threats you have chosen.
2. Create a minimum of four slides per threat (for a minimum 16
slides total) on the following topics:
a. A brief history of the threat
b. The number of countries affected, and how they are affected
(giving examples)
c. The effects of this threat on the world population as a whole
d. Include a chart or graph (see #4 below).
3. Each of the four slides will include:
a. A paragraph in the notes section to explain how the details
you have provided in
the slide is pertinent to the UN’s discussion on selecting and
prioritizing goals.
4. For each of the four threats, include one visual (graph or
chart) to represent the data you have collected.
The visual should be incorporated into the information/topics
presented in the slides.
5. Cite at least five credible sources excluding Wikipedia,
dictionaries, and encyclopedias.
For information on how to complete the required assignment
deliverables in PowerPoint, please refer to your Lynda.com
account or reach out to your instructor ahead of time.
This course requires use of Strayer Writing Standards (SWS).
The format is different compared to other Strayer University
courses. Please take a moment to review the SWS
documentation for details:
https://blackboard.strayer.edu/bbcswebdav/institution/STANDARDIZED/StrayerWritingStandards/Strayer_Writing_Standards.pdf
(Note: You’ll be prompted to enter your Blackboard login
credentials to view these standards.)
The specific course learning outcome associated with this
assignment is:
Examine the factors that account for why the growth in the
world’s population can negatively affect the
global society.
Grading for this assignment will be based on answer quality,
logic/organization of the presentation, and language and
writing skills, using the following rubric: