Get to Know the Threats Facing Your Business
posted by John Spacey, March 07, 2011
If you know the enemy and know yourself you need not fear the results of a hundred battles.
~ Sun Tzu
Threat analysis is about understanding your enemy - or at least the information security risks facing your organization. Threat analysis has 3 basic steps:
1. Model the System
Models should include all the places where security typically breaks down: data flows, entry and exit points, trust boundaries, processes and components.
2. Identify Threats
The model is used to generate a list of potential threats. Threat identification is a brainstorming activity that draws upon known threats and vulnerabilities and analysis of the system model by architects, developers, business SMEs and security experts.
3. Rank Threats
Threat-risks are ranked according to impact and likelihood.
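The three steps above applied to a small constructed system, as an added example that is not part of the original post. The component names, trust zones, threats and scores are made up for illustration, and multiplying impact by likelihood is an assumed scoring rule; the post only says both factors are used.

```python
from dataclasses import dataclass

# Step 1: model the system. Constructed sample data for a hypothetical web shop:
# each component sits in a trust zone, each flow is (source, destination, data).
ZONES = {"browser": "internet", "web_app": "dmz",
         "order_db": "internal", "payment_api": "third_party"}
FLOWS = [
    ("browser", "web_app", "login credentials"),
    ("web_app", "order_db", "order records"),
    ("web_app", "payment_api", "card data"),
    ("web_app", "web_app", "session cache"),
]

@dataclass
class Threat:
    flow: tuple        # the flow the threat was raised against
    description: str
    impact: int        # 1 (minor) to 5 (severe), agreed by the reviewers
    likelihood: int    # 1 (rare) to 5 (expected)

    @property
    def risk(self) -> int:
        # Assumed scoring rule: impact x likelihood.
        return self.impact * self.likelihood

def boundary_crossings(flows, zones):
    """Flows whose endpoints are in different trust zones."""
    return [f for f in flows if zones[f[0]] != zones[f[1]]]

def unreviewed(flows, zones, threats):
    """Step 2 check: boundary-crossing flows with no threat recorded yet."""
    covered = {t.flow for t in threats}
    return [f for f in boundary_crossings(flows, zones) if f not in covered]

def rank(threats):
    """Step 3: highest risk first, ties broken by impact."""
    return sorted(threats, key=lambda t: (t.risk, t.impact), reverse=True)

# Constructed output of a brainstorming session.
THREATS = [
    Threat(FLOWS[1], "injection through order search reaches order records", 5, 3),
    Threat(FLOWS[0], "password guessing against the login form", 4, 4),
    Threat(FLOWS[0], "credentials sent over a downgraded connection", 4, 2),
]

if __name__ == "__main__":
    for t in rank(THREATS):
        print(f"{t.risk:>2}  {t.flow[0]} -> {t.flow[1]}: {t.description}")
    for f in unreviewed(FLOWS, ZONES, THREATS):
        print(f"no threats recorded for {f[0]} -> {f[1]} ({f[2]})")
```

The `unreviewed` check is what keeps the brainstorm honest: the flow carrying card data to the payment provider crosses a trust boundary but has no threat recorded against it, so it is reported as a gap rather than silently ranked as zero risk.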