Collaborate Disseminate
My understanding is that, threat modelling is used at the design stage to identify the possible threats, prioritize them and help in identifying security requirements/security controls. Vulnerability assessment is done during development a… Continue reading What is difference & link between threat modelling and vulnerability assessment?
When Christopher Krebs was director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), his job was to make sure he understood the risk management landscape so the agency could fulfill its role as th… Continue reading How Threat Modeling Enabled Election Security
When it comes to threat modeling, many businesses plan as if there were only a few possible scenarios in which cybersecurity or privacy-related incidents could occur. We need to plan for more cybersecurity hazards than just basic social engineering, insider threats and product vulnerabilities. Both our businesses and our customers face threats that are messier than […]
The post Consider the Human Angle in Your Threat Modeling appeared first on Security Intelligence.
Continue reading Consider the Human Angle in Your Threat Modeling
Am researching on how Threat Risk Assessments can be performed along with Threat Modelling. How can you integrate Threat Modelling (TM) as part of your Risk Assessment (RA) process?
Especially interested in a NIST/ ISO27k based Threat Risk… Continue reading How can Threat Risk Assessments can be performed along with Threat Modelling? [closed]
STRIDE threat modeling is an important tool in a security expert’s arsenal. Threat modeling provides security teams with a practical framework for dealing with a threat. For example, the STRIDE model offers a proven methodology of next steps. It can suggest what defenses to include, the likely attacker’s profile, likely attack vectors and the assets […]
The post What is STRIDE and How Does It Anticipate Cyberattacks? appeared first on Security Intelligence.
Continue reading What is STRIDE and How Does It Anticipate Cyberattacks?
is there any way to have a good effort time estimation of a Threat Modeling and Risk Assessment activity for an internal infrastructure (about 30 active nodes)?
In general, is it possible to find a "best practice" to estimate eff… Continue reading Threat Modeling and Risk Assessment Effort Estimation
What are some common internal and external attacks that an attacker uses to reach the level 0 zone and what can one do to mitigate them?
I have an exercise with the Firewall model as shown below.
My problem is not being able to set the IP address (When I set this model, I noticed the lack of a router in the "server area", I thought this was a problem I couldn’t do… Continue reading Set the IP address for the Network model, Firewall Model and Security issue [closed]
I have a macbook pro work device (work has root access) connected to my local network. It is the only machine on my network at the time I’m working.
After work, I disconnect the macbook, I factory reset my router and connect my personal co… Continue reading Threat model for recently connected device on my network
So I’ve been trying to merge all 3 templates provided by MS in the Threat Modelling tool to benefit from a number of vital components scattered across the Default, Azure and Medical template. Unfortunately a number of errors were encounter… Continue reading Microsoft Threat Model – Merging all 3 templates