Single Asset QTRA for: eReader Usage Information
Date: 2019-06-05
Analyst: jfr@qtra.io



Feature or Asset In Scope

Name                        Description
eReader Usage Information   Usage PII and other data from ebook reader device

Relative Sensitivity to Compromise



Name                        Confidentiality   Integrity   Availability
eReader Usage Information   High              Medium      Very Low
Threat Actors in Scope

Threat Actor compromises "eReader Usage Information"
Threat Stories

Ransomware Crew compromises the Availability of eReader Usage Information to extract bitcoin ransom for reader PII as a result of an EPUB vulnerability.
Border Agent compromises the Confidentiality of eReader Usage Information to select for enhanced screening based on perception of book titles.
Device Thief compromises the Confidentiality of eReader Usage Information to steal credit card number from firmware.
Platform Vendor compromises the Confidentiality of eReader Usage Information to profile the user to re-price future purchases, or for a job interview background check.
Tinder Date compromises the Confidentiality of eReader Usage Information to snoop personal preferences for relationship leverage.
Malware Authors compromise the Integrity of eReader Usage Information to automatically buy expensive books using an EPUB virus.
Model Threat Scenarios
Threat Actor compromises Confidentiality, Integrity, or Availability of Asset
Simple Asset Threat Exposures
Threat Actor compromises Asset
Asset Risk
Recommended priority to respond to threats based on current controls.
Controls
Security Control at Stack Layer protects Asset
Logical Security Model
Technologies at Stack Layer use Controls to protect Asset

Asset Controls Coverage

Current Security Controls for: eReader User Information

Stack Layer   Prevention   Detection   Response
Application   CI           tbd.        I
Network       CI           tbd.        tbd.
Endpoint      CI           tbd.        tbd.
Cloud         tbd.         I           tbd.

Confidentiality: High, Integrity: Medium, Availability: Very Low