Risk Assessment What is good about the Microsoft approach to threat modeling? OCTAVE… Advantage: ___________ Disadvantage: ___________ What is bad.


1 Risk Assessment
  What is good about the Microsoft approach to threat modeling?
  What is bad about it?
  OCTAVE…
    Advantage: ___________
    Disadvantage: ___________

2 OCTAVE: a brief history
  1999  OCTAVE developed by Software Engineering Institute
  2003  OCTAVE-S, a streamlined version
  2007  OCTAVE Allegro
  http://www.sei.cmu.edu/reports/07tr012.pdf

3 OCTAVE Allegro Roadmap (see reference on previous slide)

4 Step 1: Establish Risk Mgmt Criteria
  The purpose is to think about later threat ranking
  This is concerned with things like … “organizational drivers”, “mission”, “business objectives”

5 Step 2: Develop an Info Asset Profile
  For a software project we need to
    __________________
    ___________________
  Step 3: Identify Asset Containers
  Where are the assets
    ..stored?
    ..transported?
    ..processed?

6 Step 4: Identify Areas of Concern
  Brainstorm possible threats
  Step 5: Identify Threat Scenarios
  Build threat trees
  A scenario is ___________________________

7 Step 6: Identify Risks
  Step 7: Analyze Risks
  Use formula of probability * impact
  Step 8: Select Mitigation Approach
  An interesting omission from the Microsoft approach

8 Ranking Example
  For a single threat/risk:
  There are worksheets to help discover ranges for ranking

