Parthasarathy P ACA, CISA, CGEIT, CRISC, profile picture
Uploaded byParthasarathy P ACA, CISA, CGEIT, CRISC
1,016 views

Security Threat Mapping

This document introduces a security threat mapping template for tracking threats on a continuous basis. The template is meant to track technical weaknesses, exploited vulnerabilities, and organizational threats. It also tracks the impact areas of confidentiality, integrity, availability, and non-repudiation. The template can be used to highlight existing and planned controls and display residual risk after controls are implemented.

Embed presentation

Parthasarathy, ACA, CISA & CGEIThttp://ae.linkedin.com/in/prpsarathySecurity Threat MappingTemplate is suggestive. It is the personal and professional opinion of the author and it does not represent the view of the organization. Same has been developed over a period of time in interaction with various Organization and security professionals.
Objective of Security Threat MappingTrack the threats on a continuous basisTechnical Weakness – When a vulnerability is identified for any product or system or processWeakness Exploited – When a vulnerability is exploited by intruder either in that part of the world or else whereOrganization threats – Attacks that are being experienced by the organizationObsolete – Technological the threat has been eradicated.
Security Threat MappingC- Confidentiality, I – Integrity, A- Availability & N – Non repudiation.
HOW TO USE ?Track the weakness and trends happening in the region and all over the world.Place the incidence in the respective domain. Highlight the impact area in five colors representing from a score of one to five.Color the segment which are applicable Confidentiality, Integrity, Availability or Non repudiation.
Controls for Threat HighlightedHave a specific slide where the controls applicable for the threat with status – change in risk and corresponding risk score due to the implementation of controls.Controls ApplicableExisting ControlNo ControlControls that are planned.
Security Threat Mapping after controls implementationDisplay the residual Risk after the application of the controls for existing & planned.
Please reach prpsarathy@gmail.com for any suggestions / ClarificationThank youTemplate is suggestive. It is the personal and professional opinion of the author and it does not represent the view of the organization. Same has been developed over a period of time in interaction with various Organization and security professionals.

More Related Content

PPTX
Vulnerability Assesment
byDedi Dwianto
 
PDF
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
byEdureka!
 
PPTX
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
byAndrew Gerber
 
PDF
The Critical Security Controls and the StealthWatch System
byLancope, Inc.
 
PPTX
A Brief Introduction to Penetration Testing
byEC-Council
 
PPTX
6 Most Popular Threat Modeling Methodologies
byEC-Council
 
PPTX
7 Steps to Build a SOC with Limited Resources
byLogRhythm
 
PPTX
Vulnerability Assessment Presentation
byLionel Medina
 
Vulnerability Assesment
byDedi Dwianto
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
byEdureka!
 
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
byAndrew Gerber
 
The Critical Security Controls and the StealthWatch System
byLancope, Inc.
 
A Brief Introduction to Penetration Testing
byEC-Council
 
6 Most Popular Threat Modeling Methodologies
byEC-Council
 
7 Steps to Build a SOC with Limited Resources
byLogRhythm
 
Vulnerability Assessment Presentation
byLionel Medina
 

What's hot

PPTX
Vulnerability Assessment & Analysis (VAA) Overview
bySusan Rantall
 
PPT
Layered Approach - Information Security Recommendations
byMichael Kaishar, MSIA | CISSP
 
PPTX
NTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad Andrews
byNorth Texas Chapter of the ISSA
 
PDF
The Incident Response Playbook for Android and iOS
byPriyanka Aash
 
PPTX
Skills that make network security training easy
byEC-Council
 
PPTX
Review on Event Correlation- مروری بر روش های همبسته سازی در مدیریت رخداد
byReZa AdineH
 
PPT
Planning and Deploying an Effective Vulnerability Management Program
bySasha Nunke
 
PDF
Medical Device Threat Modeling with Templates
byPriyanka Aash
 
PDF
Presentation on vulnerability analysis
byAsif Anik
 
PDF
Best vulnerability assessment training
byAdarshMathuri
 
DOCX
Backtrack manual Part1
byNutan Kumar Panda
 
PPTX
Challenges of Vulnerability Management
byRahul Neel Mani
 
PPTX
VAPT, Ethical Hacking and Laws in India by prashant mali
byAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
PPTX
Building a SOC - hackmiami 2018
byJose Hernandez
 
PDF
Building Security Operation Center
byS.E. CTS CERT-GOV-MD
 
PDF
Application Threat Modeling In Risk Management
byMel Drews
 
PPTX
NTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad Andrews
byNorth Texas Chapter of the ISSA
 
PDF
Threat modeling demystified
byPriyanka Aash
 
PDF
ByteCode pentest report example
byIhor Uzhvenko
 
PPTX
Enterprise Class Vulnerability Management Like A Boss
byrbrockway
 
Vulnerability Assessment & Analysis (VAA) Overview
bySusan Rantall
 
Layered Approach - Information Security Recommendations
byMichael Kaishar, MSIA | CISSP
 
NTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad Andrews
byNorth Texas Chapter of the ISSA
 
The Incident Response Playbook for Android and iOS
byPriyanka Aash
 
Skills that make network security training easy
byEC-Council
 
Review on Event Correlation- مروری بر روش های همبسته سازی در مدیریت رخداد
byReZa AdineH
 
Planning and Deploying an Effective Vulnerability Management Program
bySasha Nunke
 
Medical Device Threat Modeling with Templates
byPriyanka Aash
 
Presentation on vulnerability analysis
byAsif Anik
 
Best vulnerability assessment training
byAdarshMathuri
 
Backtrack manual Part1
byNutan Kumar Panda
 
Challenges of Vulnerability Management
byRahul Neel Mani
 
VAPT, Ethical Hacking and Laws in India by prashant mali
byAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Building a SOC - hackmiami 2018
byJose Hernandez
 
Building Security Operation Center
byS.E. CTS CERT-GOV-MD
 
Application Threat Modeling In Risk Management
byMel Drews
 
NTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad Andrews
byNorth Texas Chapter of the ISSA
 
Threat modeling demystified
byPriyanka Aash
 
ByteCode pentest report example
byIhor Uzhvenko
 
Enterprise Class Vulnerability Management Like A Boss
byrbrockway
 

Similar to Security Threat Mapping

PDF
Vulnerability Management: A Comprehensive Overview
bySteven Carlson
 
PPT
Rm
byansulag19
 
PDF
Information Security Planning and Risk Analysis
byabacusgtuc
 
PPTX
Cyber Week 8.pptx.......................
bysalmannawaz6566504
 
PPTX
Gainful Information Security 2012 services
byCade Zvavanjanja
 
PPT
Risk Assessment And Management
byvikasraina
 
PDF
Big data Propels SIEM into the era of Security Analytics
byEMC
 
PPTX
Iso27001 Risk Assessment Approach
bytschraider
 
PPT
Risk Assessment Methodologies
byPhilippe A. R. Schaeffer
 
PDF
Defense In Depth Using NIST 800-30
byKevin M. Moker, CFE, CISSP, ISSMP, CISM
 
DOCX
3 ISE 510 Security Risk Analysis & Plan Week 8 HW De.docx
bytamicawaysmith
 
PPTX
Information systems risk assessment frame workisraf 130215042410-phpapp01
byS Periyakaruppan CISM,ISO31000,C-EH,ITILF
 
PPT
Chapter 1 overview
bydr_edw777
 
PDF
CISSP Summary V1.1
bychristianreina
 
PDF
Risks threats and vulnerabilities
byManish Chaurasia
 
PPT
1. security management practices
by7wounders
 
PPTX
TA security
bykesavars
 
PPTX
Ta Security
byjothsna
 
PPTX
Confoo 2012 - Web security keynote
byAntonio Fontes
 
PDF
Outsourcing
bykarlhennessy
 
Vulnerability Management: A Comprehensive Overview
bySteven Carlson
 
Rm
byansulag19
 
Information Security Planning and Risk Analysis
byabacusgtuc
 
Cyber Week 8.pptx.......................
bysalmannawaz6566504
 
Gainful Information Security 2012 services
byCade Zvavanjanja
 
Risk Assessment And Management
byvikasraina
 
Big data Propels SIEM into the era of Security Analytics
byEMC
 
Iso27001 Risk Assessment Approach
bytschraider
 
Risk Assessment Methodologies
byPhilippe A. R. Schaeffer
 
Defense In Depth Using NIST 800-30
byKevin M. Moker, CFE, CISSP, ISSMP, CISM
 
3 ISE 510 Security Risk Analysis & Plan Week 8 HW De.docx
bytamicawaysmith
 
Information systems risk assessment frame workisraf 130215042410-phpapp01
byS Periyakaruppan CISM,ISO31000,C-EH,ITILF
 
Chapter 1 overview
bydr_edw777
 
CISSP Summary V1.1
bychristianreina
 
Risks threats and vulnerabilities
byManish Chaurasia
 
1. security management practices
by7wounders
 
TA security
bykesavars
 
Ta Security
byjothsna
 
Confoo 2012 - Web security keynote
byAntonio Fontes
 
Outsourcing
bykarlhennessy
 

Security Threat Mapping

  • 1.
    Parthasarathy, ACA, CISA& CGEIThttp://ae.linkedin.com/in/prpsarathySecurity Threat MappingTemplate is suggestive. It is the personal and professional opinion of the author and it does not represent the view of the organization. Same has been developed over a period of time in interaction with various Organization and security professionals.
  • 2.
    Objective of SecurityThreat MappingTrack the threats on a continuous basisTechnical Weakness – When a vulnerability is identified for any product or system or processWeakness Exploited – When a vulnerability is exploited by intruder either in that part of the world or else whereOrganization threats – Attacks that are being experienced by the organizationObsolete – Technological the threat has been eradicated.
  • 3.
    Security Threat MappingC-Confidentiality, I – Integrity, A- Availability & N – Non repudiation.
  • 4.
    HOW TO USE?Track the weakness and trends happening in the region and all over the world.Place the incidence in the respective domain. Highlight the impact area in five colors representing from a score of one to five.Color the segment which are applicable Confidentiality, Integrity, Availability or Non repudiation.
  • 5.
    Controls for ThreatHighlightedHave a specific slide where the controls applicable for the threat with status – change in risk and corresponding risk score due to the implementation of controls.Controls ApplicableExisting ControlNo ControlControls that are planned.
  • 6.
    Security Threat Mappingafter controls implementationDisplay the residual Risk after the application of the controls for existing & planned.
  • 7.
    Please reach prpsarathy@gmail.com for any suggestions / ClarificationThank youTemplate is suggestive. It is the personal and professional opinion of the author and it does not represent the view of the organization. Same has been developed over a period of time in interaction with various Organization and security professionals.