We use many different types of risk management methodologies and tools. A part of the process involves identifying the threats to our system, generally by attackers who would harm our systems and data (assets)
We use many different types of risk management methodologies and tools. A part of the process involves identifying the threats to our system, generally by attackers who would harm our systems and data (assets). I've included a project that walks you through a simple threat modeling exercise, using STRIDE, which you will apply using a scenario, to understand the basic process.
1. Read the threat modeling article using STRIDE located at https://www.webtrends.com/blog/2015/04/threat-modeling-with-stride/and complete a threat model and risk management plan
2. Read the attached Project description. you will create a report for your "boss" identifying the threats to your systems/assets in the scenario, who the attackers are, how they will attack (using STRIDE), and will make recommendations for security controls (use your textbook, too).
Comments
Post a Comment