MSU The possible ATM Abuse & Misuse Causes PII Research Case Study In addition, you will investigate the use/misuse of PII data. As mentioned in the NIST S

MSU The possible ATM Abuse & Misuse Causes PII Research Case Study In addition, you will investigate the use/misuse of PII data. As mentioned in the NIST SP800-122
document, PII data can be used to distinguish an individual is to identify an individual. Some examples
of information that could identify an individual include, but are not limited to, name, passport number,
social security number, or biometric data. This week several documents were provided that described the requirements elicitation and gathering process. Several techniques were listed for gathering security requirements including misuse/abuse
cases, general processes, attack patterns and architectural risk analysis. For this assignment we focus on
misuse/abuse cases. Project: Requirements Misuse and Abuse Cases
Overview
This homework will allow you to demonstrate the generation of misuse/abuse cases for ATM system
that allows a user to enter swipe their card and enter a pin. Then they can check balances, withdraw
funds, deposit and transfer funds.
Image Reference: http://www.math-cs.gordon.edu/courses/cs211/ATMExample/UseCases.html
In addition, you will investigate the use/misuse of PII data. As mentioned in the NIST SP800-122
document, PII data can be used to distinguish an individual is to identify an individual. Some examples
of information that could identify an individual include, but are not limited to, name, passport number,
social security number, or biometric data.
Assignment Details
Your assignment includes two parts: ATM abuse/misuse case and PII research.
ATM abuse/misuse case:
This week several documents were provided that described the requirements elicitation and gathering
process. Several techniques were listed for gathering security requirements including misuse/abuse
cases, general processes, attack patterns and architectural risk analysis. For this assignment we focus on
misuse/abuse cases.
Although, you can use UML diagrams to document use case and misuse diagrams, for this effort, we will
use text demonstrating the flow of the misuse case. Using the flow as described above and the
information provided in this week’s reading on misuse cases, describe possible misuse cases for a typical
ATM application.
You should include a description of possible mitigations for threats and attacks.
PII research:
Based on your readings from this week, find several examples either online in your daily lives (forms you
have to complete) where possibly more information is gathered and stored on you than is needed.
Describe PII data and provide specific examples and list the PII data that is gathered. Discuss why this is
an issue and possible ways you can mitigate these issues. If you worked for the vendor, how could you
mitigate these issues? For example, sometimes a vendor may have the option to not store your credit
card or your personal information. Show screen shots of the vendors who are collecting this data where
possible.
Deliverable
You should create a word or PDF document with a detailed description of the possible misuse/abuse
cases as well as the possible mitigations and the results of your PII research. The document should be
well-written and include references for all sources you used support your work. Be sure to include your
name, date and course number on the document in the title page. Note: One well-organized document
with both parts of the assignment should be submitted. Page numbers should be included on each page
of the document.
Grading Rubric
Attribute
Meets
Does not meet
ATM abuse/misuse case
40 points
0 points
Describes possible misuse cases for
a typical ATM application based on
the provided UML diagram.
Does not describe possible misuse
cases for a typical ATM application
based on the provided UML
diagram.
Includes descriptions of possible
mitigations for threats and attacks.
Does not include descriptions of
possible mitigations for threats and
attacks.
PII research
Documentation
40 points
0 points
Contains several examples either
online in your daily lives where
possibly more information is
gathered and stored on you than is
needed.
Does not contain several examples
either online in your daily lives
where possibly more information is
gathered and stored on you than is
needed.
Describes PII data and provide
specific examples and list the PII
data that is gathered.
Does not describe PII data and
provide specific examples and list
the PII data that is gathered.
Discusses why this is an issue and
possible ways you can mitigate
these issues.
Does not discuss why this is an issue
and possible ways you can mitigate
these issues.
Discusses how you could mitigate
these issues, if you worked for the
vendor?
Does not discuss how you could
mitigate these issues, if you worked
for the vendor?
Includes screen shots of the vendors
who are collecting this data where
possible.
Does not include screen shots of the
vendors who are collecting this data
where possible.
20 points
Document contains minimal
spelling and grammar errors.
0 points
Document contains multiple
spelling and grammar errors.
Document includes page numbers.
Document does not include page
numbers.
References included using APA
style.
Title page includes Name, date
and course number.
Document includes both ATM and
PII research components.
References were not included.
Title page missing or did not
include name, date and course
number.
Document does not include both
ATM and PII research components.

Purchase answer to see full
attachment