Presentation is loading. Please wait.

Presentation is loading. Please wait.

Risk Assessment What is good about the Microsoft approach to threat modeling? OCTAVE…  Advantage: ___________  Disadvantage: ___________ What is bad.

Published byCecilia Lucas Modified over 9 years ago

Similar presentations

Presentation on theme: "Risk Assessment What is good about the Microsoft approach to threat modeling? OCTAVE…  Advantage: ___________  Disadvantage: ___________ What is bad."— Presentation transcript:

1 Risk Assessment What is good about the Microsoft approach to threat modeling? OCTAVE…  Advantage: ___________  Disadvantage: ___________ What is bad about it?

2 OCTAVE– a brief history 1999 OCTAVE developed by Software Engineering Institute 2003 2007 OCTAVE-S a streamlined version OCTAVE Allegro http://www.sei.cmu.edu/reports/07tr012.pdf

3 OCTAVE Allegro Roadmap (see reference on previous slide) OCTAVE Allegro Roadmap (see reference on previous slide)

4 The purpose is to think about later threat ranking Step 1: Establish Risk Mgmt Criteria This is concerned with things like … “organizational drivers”, “mission”, “business objectives”

5 Step 2: Develop an Info Asset Profile For a software project we need to  __________________  ___________________ Step 3: Identify Asset Containers Where are the assets ..stored? ..transported? ..processed?

6 Step 4: Identify Areas of Concern Brainstorm possible threats Step 5: Identify Threat Scenarios Build threat trees A scenario is ___________________________

7 Step 6: Identify Risks Step 7: Analyze Risks Use formula of probability * impact Step 8: Select Mitigation Approach An interesting omission from the Microsoft approach

8 Ranking Example For a single threat/risk: There are worksheets to help discover ranges for ranking

Download ppt "Risk Assessment What is good about the Microsoft approach to threat modeling? OCTAVE…  Advantage: ___________  Disadvantage: ___________ What is bad."

Similar presentations

AASHTO Internal Audit Conference 2012 – Phoenix Daniel Fodera, CMQ/OE Program Management Improvement Team Federal Highway Administration.

AASHTO Internal Audit Conference 2012 – Phoenix Daniel Fodera, CMQ/OE Program Management Improvement Team Federal Highway Administration.
RISK MANAGEMENT PROGRAM AND PROJECT MANAGEMENT APPLICATION OCTOBER 6, 2006 Presented by Don Devieane, CGA, Manager Risk Management Program.

RISK MANAGEMENT PROGRAM AND PROJECT MANAGEMENT APPLICATION OCTOBER 6, 2006 Presented by Don Devieane, CGA, Manager Risk Management Program.
OCTAVESM Process 4 Create Threat Profiles

OCTAVESM Process 4 Create Threat Profiles
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
Stage Gate - Lecture 21 Stage Gate – Lecture 2 Review Process © 2009 ~ Mark Polczynski.

Stage Gate - Lecture 21 Stage Gate – Lecture 2 Review Process © 2009 ~ Mark Polczynski.
Risk Assessment What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling.

Risk Assessment What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling.
Project Management Gaafar 2007 / 1 This Presentation is uses information from PMBOK Guide 2000 Project Management Risk Management* Dr. Lotfi Gaafar.

Project Management Gaafar 2007 / 1 This Presentation is uses information from PMBOK Guide 2000 Project Management Risk Management* Dr. Lotfi Gaafar.
Project Management.

Project Management.
S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.

S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.
© 2001 by Carnegie Mellon University PPA-1 OCTAVE SM : Participants Briefing Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213.

© 2001 by Carnegie Mellon University PPA-1 OCTAVE SM : Participants Briefing Software Engineering Institute Carnegie Mellon University Pittsburgh, PA
Risk Assessment & Risk Management at GSFC

Risk Assessment & Risk Management at GSFC
9-Performing Vulnerability Assessments Dr. John P. Abraham Professor UTPA.

9-Performing Vulnerability Assessments Dr. John P. Abraham Professor UTPA.
A Portfolio Approach to Enterprise Risk Management Bruce B. Thomas November 11, 2002.

A Portfolio Approach to Enterprise Risk Management Bruce B. Thomas November 11, 2002.
Unit 6 – Risk Management and safety management system

Unit 6 – Risk Management and safety management system
S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,

S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,
Crisis Management in Organizations

Crisis Management in Organizations
Project Risk Management

Project Risk Management
Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO RISK IDENTIFICATION 2.

Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO RISK IDENTIFICATION 2.
Implementing an effective risk management strategy based upon knowledge Peter Scott.

Implementing an effective risk management strategy based upon knowledge Peter Scott.
April 3-5, 2005Security Professionals Conference - 2005 Ways to Fit Security Risk Management to Your Environment Using the OCTAVE Methodology Tailoring.

April 3-5, 2005Security Professionals Conference Ways to Fit Security Risk Management to Your Environment Using the OCTAVE Methodology Tailoring.

Similar presentations

Ads by Google