Risk Assessment
What is RISK?
- requires a vulnerability
- likelihood of a successful attack
- amount of potential damage
Two approaches:
- threat modeling
- OCTAVE

Threat Modeling (part of Microsoft’s Trustworthy Computing)
Threat: the potential for a harmful event/attack, which can be realized by an...
Attack: which occurs due to a...
Vulnerability: which should be mitigated by a...
Countermeasure.

Threat Modeling (part of Microsoft’s Trustworthy Computing)
Why?
- create a list of vulnerabilities
- bridge the gap between design & deployment
- help cross-team communication
- raise awareness of security
- identify areas of security requiring more research
The Players
- Customers
- Business analysts
- Software architects
- Developers
- Testers

Threat Modeling Steps

Step 1: Identify Security Objectives
Identify the system assets. Focus on confidentiality, integrity, availability.
- What can we prevent?
- What do we care about most?
- What is the worst thing that can happen?
- What laws and regulations apply?

Step 2: Describe System Architecture
Ways to depict software architecture:
- Class Diagram
- Data Flow Diagram

Class Diagrams
A picture depicting classes and their interconnections.
[Figures: basic notation; simple example]

Data Flow Diagrams
A picture depicting how data flows within a software system.
[Figures: basic notation; simple example]

Data Flow Example 2 System [figure]

Step 3: Decompose app _____________
Drill down to details of the software architecture:
Data Flow Diagram
- processes expanded into other processes and flows
Class Diagram
- include methods, packages, inner classes
- include files, external calls & parameter lists

Example 2 [figure]

Step 4: Identify Threats
This requires a systematic approach:
1) look at the detailed design for...
- trust boundaries
- entry points
- exit points
2) use a classification framework like STRIDE
- Spoofing (authenticity)
- Tampering (integrity)
- Repudiation
- Information disclosure (confidentiality)
- Denial of service (availability)
- Elevation of privilege (authorization)
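As an added example (not from the slides), the following walks a small data-flow diagram, flags flows whose endpoints sit in different trust zones (the trust boundaries of step 4), and lists candidate STRIDE categories per element. The element-kind-to-STRIDE mapping is the Microsoft SDL "STRIDE per element" convention, assumed here; the sample diagram is constructed.

```python
# Added example, not from the slides: enumerate candidate STRIDE threats for each
# element of a small data-flow diagram and flag flows that cross a trust boundary.
# The element-kind -> STRIDE mapping is the Microsoft SDL "STRIDE per element"
# convention, assumed here rather than stated on the slides.
from dataclasses import dataclass
STRIDE = {
    "S": "Spoofing (authenticity)",
    "T": "Tampering (integrity)",
    "R": "Repudiation",
    "I": "Information disclosure (confidentiality)",
    "D": "Denial of service (availability)",
    "E": "Elevation of privilege (authorization)",
}
# Categories that typically apply to each DFD element kind (assumed mapping).
APPLICABLE = {"external": "SR", "process": "STRIDE", "store": "TRID", "flow": "TID"}

@dataclass
class Element:
    name: str
    kind: str       # external | process | store | flow
    zone: str = ""  # trust zone of a node; flows use src/dst instead
    src: str = ""
    dst: str = ""

def enumerate_threats(elements):
    """Return (element name, STRIDE category, note) triples for analyst review."""
    zones = {e.name: e.zone for e in elements if e.kind != "flow"}
    out = []
    for e in elements:
        note = ""
        # Endpoints in different trust zones: an entry/exit point worth extra scrutiny.
        if e.kind == "flow" and zones[e.src] != zones[e.dst]:
            note = "crosses trust boundary"
        for letter in APPLICABLE[e.kind]:
            out.append((e.name, STRIDE[letter], note))
    return out

# Constructed sample DFD: browser -> web app -> database; only the browser is
# outside the server trust zone.
SAMPLE = [
    Element("Browser", "external", zone="internet"),
    Element("WebApp", "process", zone="server"),
    Element("UserDB", "store", zone="server"),
    Element("HTTP request", "flow", src="Browser", dst="WebApp"),
    Element("SQL query", "flow", src="WebApp", dst="UserDB"),
]

if __name__ == "__main__":
    for name, category, note in enumerate_threats(SAMPLE):
        print(f"{name:13} {category:44} {note}")
```

The output is a checklist, not a finding: each row is a candidate the team still has to confirm or dismiss against the design.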

Attack Trees
Attack trees (also called threat trees) describe the nature of an attack. Drawing attack trees helps with understanding, discovering, and mitigating threats.
Notation: a tree
- the root is the goal of the attack
- the children of a node define methods to achieve the parent
- children may be ORed or ANDed

Example [figure]
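An added example (not from the slides) of the OR/AND notation in use: each leaf carries an assumed attacker cost, an OR node costs as much as its cheapest child, an AND node the sum of its children, and a mitigated leaf becomes unreachable. The tree, labels and costs are constructed; the function `best_single_mitigation` then asks the defender's question of which single countermeasure raises the attacker's cheapest path the most.

```python
# Added example, not from the slides: evaluate an attack tree. A leaf carries an
# assumed attacker cost; an OR node costs as much as its cheapest child, an AND
# node the sum of its children, and a mitigated leaf is unreachable (infinite).
# The goal, leaves and costs are constructed for illustration.
from dataclasses import dataclass, field
from typing import List, Optional

INF = float("inf")

@dataclass
class Node:
    label: str
    op: Optional[str] = None       # "OR", "AND", or None for a leaf
    cost: float = 0.0              # leaf only: assumed attacker effort
    mitigated: bool = False        # leaf only: a countermeasure is in place
    children: List["Node"] = field(default_factory=list)

def cheapest(node: Node) -> float:
    """Minimum attacker cost to achieve this node's goal."""
    if node.op is None:
        return INF if node.mitigated else node.cost
    costs = [cheapest(c) for c in node.children]
    return min(costs) if node.op == "OR" else sum(costs)

def leaves(node: Node):
    """Yield every unmitigated leaf in the tree."""
    if node.op is None and not node.mitigated:
        yield node
    for c in node.children:
        yield from leaves(c)

def best_single_mitigation(root: Node):
    """Which one leaf, if mitigated, raises the attacker's cheapest path the most?"""
    best = (None, cheapest(root))
    for leaf in list(leaves(root)):
        leaf.mitigated = True
        best = max(best, (leaf.label, cheapest(root)), key=lambda t: t[1])
        leaf.mitigated = False            # restore the tree
    return best

# Constructed tree: a root goal, an OR of three methods, one of them an AND.
TREE = Node("read customer records", "OR", children=[
    Node("guess weak admin password", cost=3),
    Node("steal backup tape", "AND", children=[
        Node("enter server room", cost=5),
        Node("find unencrypted tape", cost=2),
    ]),
    Node("exploit unpatched DB service", cost=8),
])
```

Mitigating either child of the AND branch closes that whole branch, but the cheapest path still runs through the password leaf; only fixing that leaf raises the attacker's cost, which is the ordering a mitigation plan should follow.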

Step 5: Rate Threats
Develop a systematic approach:
- start with an accepted approach
- adjust weighting with experience
Two possible approaches:
- Risk = Threat x Asset
- DREAD

Risk = Threat x Asset
The basic formula: Risk = Threat probability * Damage potential
Threat probability accounts for exploitability & mitigations. Damage potential is basically the cost or impact.
Ranges?
- numbers might be difficult to use
- 3 to 5 categories are usually sufficient

A Graph of Threats [figure: Potential Damage (Low, Modest, Medium, High) plotted against Probability of Occurrence (Modest, Medium, High)]

DREAD (Microsoft’s first model)
- Damage potential: How much damage will the exploit produce?
- Reproducibility: How likely is it for the attack to recur?
- Exploitability: How easy is it to carry out the attack?
- Affected users: What fraction of users will be affected?
- Discoverability: What are the odds an attacker can find the vulnerability?
Risk = min(D, (D+R+E+A+D)/5)
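An added example (not from the slides) that rates a few constructed threats both ways step 5 describes: the categorical Risk = Threat probability x Damage potential with a handful of ordinal levels, and DREAD on the original 0 to 10 scale combined with the slide's min(D, average) formula. The level names follow the graph above; the bucket thresholds for the categorical product and all the ratings are assumptions.

```python
# Added example, not from the slides: rate constructed threats both ways the slides
# describe. (1) Risk = Threat probability x Damage potential, with 4 ordinal levels
# instead of raw numbers (the bucket thresholds are an assumption); (2) DREAD on a
# 0-10 scale, combined with the slide's Risk = min(D, (D+R+E+A+D)/5).
LEVELS = ["low", "modest", "medium", "high"]

def categorical_risk(probability: str, damage: str) -> str:
    """Multiply the two ordinal ranks (1..4) and bucket the product back to a level."""
    p, d = LEVELS.index(probability) + 1, LEVELS.index(damage) + 1
    score = p * d                       # 1 .. 16
    if score >= 9:
        return "high"                   # medium x medium and above
    if score >= 4:
        return "medium"                 # e.g. high probability, low damage
    if score >= 2:
        return "modest"
    return "low"

def dread_risk(d: int, r: int, e: int, a: int, dd: int) -> float:
    """Slide's DREAD formula: the average is capped by Damage potential, so a
    harmless bug with a trivial, well-known exploit cannot outrank a serious one."""
    for v in (d, r, e, a, dd):
        if not 0 <= v <= 10:
            raise ValueError("DREAD scores run from 0 (no threat) to 10 (high)")
    return min(d, (d + r + e + a + dd) / 5)

# Constructed threats with constructed ratings.
THREATS = [
    {"name": "SQL injection in search", "prob": "high", "damage": "high",
     "dread": (9, 8, 7, 10, 8)},
    {"name": "verbose error page", "prob": "high", "damage": "low",
     "dread": (2, 10, 10, 10, 10)},
    {"name": "backup tape theft", "prob": "low", "damage": "high",
     "dread": (9, 3, 2, 10, 3)},
]

def rank(threats):
    """Return (name, categorical level, DREAD risk) sorted by DREAD risk, highest first."""
    rows = [(t["name"], categorical_risk(t["prob"], t["damage"]), dread_risk(*t["dread"]))
            for t in threats]
    return sorted(rows, key=lambda row: row[2], reverse=True)

if __name__ == "__main__":
    for name, level, score in rank(THREATS):
        print(f"{name:25} {level:7} {score:.1f}")
```

Note how the cap works: the verbose error page averages 8.4 on R, E, A and D but is held at its damage score of 2, so it ranks below the tape theft despite being far easier to find and repeat.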

Problems with DREAD
Originally, each vulnerability was graded on a DREAD scale from 0 (no threat) to 10 (high). It’s subjective. It’s not simple. Frequent disagreement over risk numbers:
- customers don’t agree with developers
- people with the same roles don’t agree
This led to a simpler severity rating system...