I have a research paper that I would like to hire you to help me out.
It is on Dynamic Threat Modeling.
I want you to do a systematic literature review on Threat Modeling on smart city. First and foremost, I want all the threat modeling techniques and methodology analysed.
The advantages and disadvantages of the various techniques should be analysed.
I want to differenciate the static threat modeling techniques from the ones that could be employed as a dynamic Threat modeling technique and used to model likely threats in a smart city.
Scenarios should be given on an attack in a Smart environment to get the risk score and how the chosen dynamic technique would be better suited to model in such scenario.
For example, there are various nodes such as computers, smart printers, switches, routers in a Smart environment. Normally, the organisation would be doing all they can to protect these devices and systems because they are always subject to attacks. Normally, a risk assessment would be performed on these nodes to get their risk score (which is to show the level of risk) to show how to protect these assets.
Most times, the level of risk of one asset is higher than others because organisations value some assets than others. For example, organisation could put more value on a Web server than an email server. Others could value their systems to people, while another organisation would place more value on their data to protect their customers information.
Now, when a risk assessment is conducted, different values are placed on the various assets in an organisation or smart environment. For example, the risk score on a Web server is 5 out of 10 while that of the payroll is 2 out of 10.
When an attack happens on the organisation and the web server is targeted, there could be a chance that it might be penetrated. If it was successfully attacked, the organisation might be informed due to the kind of security system in place that gives them signal when something have been attacked. When this happens, the risk score would be raised from 2 to 8. Now, this can only be assessed again by the risk analyst by conducting another risk assessment. This is a static way of modelling the threat level of an entity. This method is not always encouraged because one have to manually risk assess the whole system again and could take time. This is where dynamic modelling comes in.
I want you to categorise all the threat modeling techniques such as STRIDE, OCTAVE for example. There are many many others.
I want them to be analysed critically. How they work, their advantages and disadvantages.
Analyse which of them are static, dynamic or can be used as both to model threats.
Analyse why static is not really ideal because we need the risk score to dynamically change as soon as a threat occurs and not having to manually wait for the risk officer to conduct another risk assessment.
Discuss the likely best framework/technique for my threat modeling. This will be used to compare other techniques in the literature. Also explain why (with referencing) a certain methodology would be best suited to be used to dynamically model threats in a Smart city domain.
Analyse and categorise if the static threat modeling techniques and dynamic modeling techniques (Is it quantitative or qualitative) could work for the scenerio. For example, does this meet my scenerio. Using OCTAVE as an example, we could say, it works for this scenario while STRIDE does not meet this scenario because this and that.
This paper should contain academic references
Note, this is on smart city. Conducting the analysis for threat modeling for a Smart city