Threat Modeling Transcription

Welcome to our threat modeling module. Threat modeling is a system that we can use to provide a structured approach to making informed decisions about risk management. The first step is to assess the scope of our threat modeling: whether we will be looking at our software, hardware, our processes, or all of these.

We should then determine our threat agents, which could be our adversaries, our employees, our partners, or contractors that work for the organization. We then need to look at possible attacks, such as social engineering attacks, spoofing, or data exfiltration attacks, where someone steals data that they are not entitled to.

We then need to understand the countermeasures that we already have in place and locate the exploitable vulnerabilities that an individual may be able to take advantage of. Once we've come up with our risks, we have to prioritize them based on the likelihood of them occurring and the impact. We should always address the most severe risks first, rather than simply addressing the risks in the order in which they were identified.

We should then identify countermeasures that we can use to reduce the threats to our organization. Microsoft provides a threat modeling solution known as STRIDE, which is an acronym for the common threats that you might experience: spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege. This is a free tool that can be downloaded from the Microsoft download center and it basically is a trimmed-down version of Visio that can be used to create data flow diagrams.

You can use this tool to create your data flow diagram model, analyze the model for any potential threats, determine the threats that have been mitigated, record threat model information, and then continue to mitigate your remaining threats. You may see STRIDE on the CISSP examination as a potential threat modeling solution that is offered by Microsoft free of charge.

When you're working with risks using threat modeling, you have to identify the risks, not only to your hardware and software, but also to your operations and your employees. You'll have to identify threats and threat agents, such as external threats from hackers, your adversaries or competitors, insider threats from disgruntled employees, or partners or even contractors, as well as environmental threats such as earthquakes, tornadoes or other severe weather situations.

You should determine and diagram your potential attacks, such as spoofing and impersonation attacks, social engineering attacks and so on, and then perform reduction analysis to determine the most cost-effective mitigation techniques to reduce the risks to your organization.

You should then evaluate technologies, processes, and controls that you can use to remediate the threats, such as software architecture or operational changes. This concludes our threat modeling module. Thank you for watching.
