Post date: 16/16/23

Current Update: Use Case in Cysec

Next: ???
Use Case in Cysec

What is it?

As I understand it, a use case is a scenario that is structurally laid out or defined step by step, in which a system receives some sort of input and provides a response, so that the implementation of the system can be understood clearly.

In cysec, this is a scenario of an attack or event that poses a threat to a system, together with the mitigation methods applied (security controls, policies and guidelines).

Use cases are usually phrased in a verb-noun format, like prevent intrusion, protect web applications, secure SSH login, etc.

Use Case Elements

The common elements that form the fundamental structure of a use case:

  • Actor: User or service interacting with the system.

  • Precondition: The ideal state the system should be in before normal operations.

  • Trigger: Action or event that initiates an operation on the system.

  • Main-flow: Normal flow of the system's operations, as expected.

  • Alternative: Exceptions and malfunctions that divert the system from its main-flow.

MITRE ATT&CK provides a catalogue of attack tactics and techniques; this body of knowledge can be used in threat modelling and in creating mitigation processes.

Practical Scenario

A Use Case To Prevent a DDoS Attack on an e-commerce Website

Distributed Denial of Service (DDoS) is a cyberattack that overloads a server in an attempt to exhaust its resources, preventing legitimate clients from accessing the services the server provides. A DDoS prevention use case aims to ensure a system (server) is not starved of the resources it needs to serve clients. With this in mind, the related elements can be identified:

  • Actor: The actor or actors here could be customers, administrators, or third-party applications and services interacting with the e-commerce site.

  • Precondition: All functions on the site work well and in a secure manner: payment systems and order buttons work, a web application firewall (WAF) is implemented and best practices are followed. With security in mind, it would be wise to ensure risk management techniques are implemented, availability is ensured and the overall system conforms to the CIA triad.

  • Trigger: Any event or action that sends a request to the website or activates a response from the website.

  • Postcondition: The system may function normally or abnormally; in the expected outcome, requests from clients are handled by the server as intended.

  • Main-flow: System resources can handle operations, and the applications and services for logging, monitoring and alerting on events are functioning as well. This helps to notice an event that may initiate starvation of system resources. Resource starvation is not always the effect of an attack; admin misconfiguration and bad programming that causes memory leaks can produce it too.

  • Alternative: Ensuring availability through redundancy and scaling, and having an IR team at hand.
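To make the use case concrete, here is an added example (not from the original post) that maps the trigger, main-flow and alternative flow of the DDoS scenario onto a small monitoring check run over constructed access-log lines; the log format, the 10-second window and the threshold of 5 requests are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)  # assumed sliding window per client
THRESHOLD = 5                   # assumed requests per window before the alternative flow

# Constructed sample log: client_ip, ISO timestamp, path, HTTP status.
SAMPLE_LOG = """\
203.0.113.5 2023-06-16T12:00:00 /checkout 200
198.51.100.9 2023-06-16T12:00:01 /cart 200
203.0.113.5 2023-06-16T12:00:02 /checkout 200
203.0.113.5 2023-06-16T12:00:02 /checkout 200
203.0.113.5 2023-06-16T12:00:03 /checkout 200
203.0.113.5 2023-06-16T12:00:03 /checkout 200
203.0.113.5 2023-06-16T12:00:04 /checkout 200
198.51.100.9 2023-06-16T12:00:30 /order 200
"""


def parse_log(text):
    """Parse the constructed log format into (ip, timestamp, path, status) tuples."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, ts, path, status = line.split()
        entries.append((ip, datetime.fromisoformat(ts), path, int(status)))
    return entries


def run_use_case(entries, window=WINDOW, threshold=THRESHOLD):
    """Trigger: every request. Main-flow: serve it and count it.
    Alternative: when one client exceeds the threshold inside the window,
    raise an alert for the monitoring/IR side instead of serving silently.
    An alert is a signal to investigate, not proof of an attack: the same
    pattern can come from a misconfigured client or a buggy integration."""
    recent = defaultdict(deque)  # ip -> timestamps inside the current window
    alerts, served = [], 0
    for ip, ts, _path, _status in entries:
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold:
            alerts.append((ip, ts, len(q)))  # alternative flow
        else:
            served += 1                      # main flow
    return served, alerts


if __name__ == "__main__":
    count, found = run_use_case(parse_log(SAMPLE_LOG))
    print(f"served={count} alerts={found}")
```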