Gather data
To help you navigate the infrastructure threat modeling module, we created a fictitious company, called Woodgrove Bank.
Company background
Woodgrove Bank, established in 2018, is an online banking provider that gives customers the ability to conduct financial transactions and bill payments online.
With no physical locations, Woodgrove relies on an online portal and cross-platform applications for their daily operations.
Customers can choose from free online transfers, high-interest yield savings accounts, and bill payment services.
Transactions are secured using best-in-class encryption, and customer service is available 24 hours a day, 7 days a week.
With transparent fees, real-time status updates, and money back guarantee, Woodgrove has what it takes to gain your business.
Your task
You were recently brought in by Woodgrove Bank's senior leadership team to:
- Identify infrastructure security gaps, and
- Find ways to reduce or eliminate risk.
After you met with various employees from different departments and asked them the assessment questions, here's what you found out:
Meeting notes
Category | Answers |
---|---|
Access control |
|
Secure development |
|
Business continuity |
|
Cryptography |
|
Asset management |
|
Legal |
|
Incident response |
|
Network |
|
Operations |
|
Physical and environmental |
|
Governance |
|
Security architecture |
|
Supplier |
|