Revolution Against Cyber Thefts

Last week, I mentioned several websites where we can go to look for information.  Now, let’s get started with the first step in threat modeling, know your network (what do I have or create? ) .  It sounds simple, isn’t it?  At the abstract level, it is indeed simple.  We just lay out what we have.  Well, it is not that straightforward.  What we do in this step directly depends on the type of threat model we choose.  There are a few ways to threat model.  I list each of them with brief descriptions below: Asset centered method – Focus on assets to find possible threats and to develop protection.   For example, I want to protect my multifunction printer from the thief ; what are possible ways that my printer can be stolen or damaged.   Attacker centered method – Focus on the attacker’s skill, motivation, behavior, and characteristics.   Given the printer is connected to the network inside the home; what type of at...

Threat modeling Last week, I mentioned briefly about threat modeling and the six steps of STRIDE.   Threat modeling has four steps: Know your network (What do I have?) Know your vulnerabilities, threats, and risks (What are potential problems?) Know your decision (What can I do about them?) Know your result (Are the problems properly fixed?) A successful threat modeling requires good sources of existing and new threats and vulnerabilities.   Before going into details, let’s get started with information.   No or insufficient information could lead to an inaccurate decision in the modeling process.   I have noted a few links that provide just that can help.   For news, I read Security Week; for vulnerabilities, I visit National Vulnerability Database; for the security updates , I go to Symantec; and for guidelines, I look at National Institute of Standards and Technology.    Those sites provide a decent amount of data point for ...