Threat modeling follows attack tree as enterprise protection practice
This article is part of the August 2004 issue of Weight lifter: Appliances that lighten your security load
The time has come to shed our reactionary "yesterday's threat" mentality and start thinking ahead and planning for what's to come. Enter threat modeling. Threat modeling is the logical and systematic evaluation of every avenue of approach. You can then prioritize each avenue's relative "threat level" based on factors such as the value of the target asset, likelihood of success and cost of attack. Threat modeling is the "show me" side of security derived from increasing C-suite skepticism regarding threats brought about by the overly restrictive recommendations of paranoid security pros. It forces auditors and architects to define more specifically what it would take to compromise a system. Threat modeling has its roots in concepts like Bruce Schneier's attack trees, Peter Tippett's synergistic controls, Marcus Ranum's zones of risk and every strategic military defensive exercise for the past 5,000 years. These are logical approaches to identifying unique attack points to understand where the risk is and how to defend against it. A handful of solutions aim to...
What's Inside
Features
- Cut security costs with all-in-one appliances and firewall policies
  by Lisa Phifer, Contributor
  Turnkey, all-in-one appliances offer cost-effective security with less hassle.
- Enhancing security risk management with cyberinsurance
  by Lamont Wood, Contributing Writer
  When all else fails, there's cyberinsurance. Learn how to enhance security risk management with cyberinsurance.
- Data security failure: How the government broke our trust
  The government exposed thousands of Native Americans' financial data to hackers. Elouise Cobell forced the government off the Internet.
- Service-level agreement advantages and disadvantages
  by Anne Saita
  Learn about the advantages and disadvantages of service-level agreements.
Columns
- Service-level agreement management: Defining security policy roles
  Does your security plan include expectations or incentives for SLAs? Lawrence Walsh explains why setting standards for your enterprise is essential.
- Be prepared: How to prevent and detect botnets
  by Marcus J. Ranum, Contributor
  Sooner or later, enterprises have to deal with a remote-controlled compromise. By treating botnets as a disaster preparedness problem, they'll be on the right track.
- IE security risks: Making the switch to a more secure browser
  by Jay Beale
  Given the huge Web-based risk exposure with everyone running the same operating systems, should enterprises look for an alternative to IE? Short answer: Absolutely.
- Threat modeling follows attack tree as enterprise protection practice
  by Pete Lindstrom, Contributor
  Does your enterprise maximize its threat modeling potential? Expert Pete Lindstrom displays threat-modeling best practices and shows how it can help protect your enterprise.
- Anticipating the worst: Security threat awareness and mitigation
  Many IT managers have been lulled into a false sense of security because cyberattacks haven't happened yet. The coin-flip principle provides an all-too-real cyberspace context.