Corporate Threat Modeling v2

Presentation by Charl van der Walt and Francesco Geremia at the ITWeb Security Summit in 2009.

This presentation is about the methodology behind version 2 of SensePost's threat modeling tool, the corporate threat modeller.

Published in: Technology, Business

  8. Single loss expectancy (SLE) is the value you expect to lose each time a risk occurs. You calculate SLE with the formula SLE = AV x EF, where AV is the asset value and EF is the exposure factor, the fraction of the asset's value lost in a single occurrence.
  10. Annual loss expectancy (ALE) is the value you expect to lose to a given risk each year. You calculate ALE with the formula ALE = SLE x ARO, where ARO is the annualized rate of occurrence, the expected number of times the risk occurs in a year.
  19. Microsoft says threat modeling:
     - Provides a consistent methodology for objectively identifying and evaluating threats to applications.
     - Translates technical risk to business impact.
     - Empowers a business to manage risk.
     - Creates awareness among teams of security dependencies and assumptions.
  21. Step 1: Identify security objectives. Clear objectives help you to focus the threat modeling activity and determine how much effort to spend on subsequent steps.
     Step 2: Create an application overview. Itemizing your application's important characteristics and actors helps you to identify relevant threats during step 4.
     Step 3: Decompose your application. A detailed understanding of the mechanics of your application makes it easier for you to uncover more relevant and more detailed threats.
     Step 4: Identify threats. Use details from steps 2 and 3 to identify threats relevant to your application scenario and context.
     Step 5: Identify vulnerabilities. Review the layers of your application to identify weaknesses related to your threats. Use vulnerability categories to help you focus on those areas where mistakes are most often made.
  27. Would prefer to use a diagram here.
  37. Define Locations, Interfaces and Users (Trust Levels), but not "assets", as organizations are too complex for that. Create a map showing how Locations, Users and Interfaces relate:
     - Users are restricted to Locations.
     - Interfaces are exposed to Locations.
  38. Risks are gleaned from three sources: analyst experience, organizational history and group brainstorming. Each Risk has two key elements, Likelihood and Impact. Use an iterative process: describe the Risk, apply it to an Interface, then refine as required. A new Risk is added, rather than an existing one reused, if:
     - Likelihood or Impact differs, or
     - the required defense is likely to differ.
  39. This creates a Threat Vector.
     - Directly linked: what Interfaces could this Risk impact?
     - Indirectly linked: what Trust Level is required, and at which Location would such Users be found?
  40. The Threat Vector therefore becomes a 4-tuple: (Risk, Interface, Location, User). A many-to-many relation means the number of Threat Vectors scales linearly.
  41. Tests could be any of:
     - Focused technical tests, e.g. a penetration test.
     - Sample data drawn from existing monitoring systems, e.g. incident logs or previous assessments.
     - Interviews conducted with relevant individuals or teams.
     - Policy and procedure reviews.
     - Research drawing on external sources.
     The more tests are conducted, the more certainty we have. However, the most "efficient" tests are easily calculated by considering the Weights of all the Threat Vectors impacted.
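The Location/Interface/User map of slide 37, the expansion of Risks into (Risk, Interface, Location, User) 4-tuples of slides 38 to 40, and the weight-based ranking of candidate tests of slide 41, as an added worked example in Python. This is not the corporate threat modeller's own code. It assumes an ordinal trust scale on which a Risk's required Trust Level is met by any user at that level or above, and weights each Threat Vector by its Risk's Likelihood x Impact; every location, interface, user, risk and test below is constructed sample data.

```python
"""Worked example (added illustration, not SensePost's tool code) of the
Location / Interface / User map, the Risk -> Threat Vector expansion into
(Risk, Interface, Location, User) 4-tuples, and ranking of candidate tests
by the total weight of the Threat Vectors they impact. All data is constructed."""
from dataclasses import dataclass

# Assumption: trust levels form an ordinal scale, and a Risk that "requires"
# a Trust Level can be realised by any user at that level or above.
TRUST = {"anonymous": 0, "customer": 1, "employee": 2, "admin": 3}

# Users are restricted to Locations (constructed sample map).
USERS_AT = {
    "internet": {"anonymous", "customer"},
    "office_lan": {"employee", "admin"},
    "dmz": {"admin"},
}

# Interfaces are exposed to Locations (constructed sample map).
EXPOSED_TO = {
    "web_portal": {"internet", "office_lan"},
    "ssh_mgmt": {"office_lan", "dmz"},
    "hr_share": {"office_lan"},
}


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: int        # 1 (rare) .. 5 (almost certain)
    impact: int            # 1 (negligible) .. 5 (severe)
    interfaces: frozenset  # directly linked: Interfaces this Risk could impact
    min_trust: str         # indirectly linked: Trust Level required to realise it

    @property
    def weight(self):
        """Weight of the Risk: Likelihood x Impact."""
        return self.likelihood * self.impact


# Constructed sample Risks.
RISKS = [
    Risk("sqli_in_login", 3, 5, frozenset({"web_portal"}), "anonymous"),
    Risk("ssh_brute_force", 4, 4, frozenset({"ssh_mgmt"}), "anonymous"),
    Risk("insider_data_theft", 2, 5, frozenset({"hr_share", "web_portal"}), "employee"),
]
RISKS_BY_NAME = {r.name: r for r in RISKS}


def threat_vectors(risks, exposed_to, users_at):
    """Expand each Risk into (risk, interface, location, user) 4-tuples.
    A tuple exists only where the Interface is exposed to the Location and a
    User of sufficient trust is found at that Location, so the count is the
    size of the join of the relations, not the raw product of the four sets."""
    vectors = []
    for r in risks:
        for iface in sorted(r.interfaces):
            for loc in sorted(exposed_to.get(iface, ())):
                for user in sorted(users_at.get(loc, ())):
                    if TRUST[user] >= TRUST[r.min_trust]:
                        vectors.append((r.name, iface, loc, user))
    return vectors


def vector_weight(vec, risks_by_name=RISKS_BY_NAME):
    """Weight of one Threat Vector: the Likelihood x Impact of its Risk."""
    return risks_by_name[vec[0]].weight


# Candidate tests as predicates over a Threat Vector: a test "impacts"
# every vector for which its predicate holds (constructed examples).
TESTS = {
    "pentest_web_portal": lambda v: v[1] == "web_portal",            # focused technical test
    "review_ssh_auth_logs": lambda v: v[1] == "ssh_mgmt",            # sample data from monitoring
    "interview_hr_team": lambda v: v[1] == "hr_share",               # interview
    "review_leaver_policy": lambda v: v[0] == "insider_data_theft",  # policy and procedure review
}


def rank_tests(tests, vectors, risks_by_name=RISKS_BY_NAME):
    """Return [(test_name, total_weight)] in descending order of the weight of
    the Threat Vectors each test impacts: the most "efficient" tests come first."""
    scored = [
        (name, sum(vector_weight(v, risks_by_name) for v in vectors if pred(v)))
        for name, pred in tests.items()
    ]
    return sorted(scored, key=lambda t: (-t[1], t[0]))


if __name__ == "__main__":
    vs = threat_vectors(RISKS, EXPOSED_TO, USERS_AT)
    print(f"{len(vs)} threat vectors")
    for v in vs:
        print(v, "weight", vector_weight(v))
    for name, w in rank_tests(TESTS, vs):
        print(f"{name}: {w}")
```

The ranking scores each test in isolation, so it tells you which single test buys the most certainty; it does not account for overlap between tests. To choose a second test, recompute the ranking over only the Threat Vectors the first test did not impact.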