Published by Cecilia Lucas. Modified over 9 years ago.
1
Risk Assessment
What is good about the Microsoft approach to threat modeling?
OCTAVE…
Advantage: ___________
Disadvantage: ___________
What is bad about it?
2
OCTAVE: a brief history
1999: OCTAVE developed by Software Engineering Institute
2003: OCTAVE-S, a streamlined version
2007: OCTAVE Allegro
http://www.sei.cmu.edu/reports/07tr012.pdf
3
OCTAVE Allegro Roadmap (see reference on previous slide)
4
Step 1: Establish Risk Mgmt Criteria
This is concerned with things like … “organizational drivers”, “mission”, “business objectives”
The purpose is to think about later threat ranking
5
Step 2: Develop an Info Asset Profile
For a software project we need to __________________ ___________________
Step 3: Identify Asset Containers
Where are the assets ..stored? ..transported? ..processed?
6
Step 4: Identify Areas of Concern
Brainstorm possible threats
Step 5: Identify Threat Scenarios
Build threat trees
A scenario is ___________________________
7
Step 6: Identify Risks
Step 7: Analyze Risks
Use formula of probability * impact
Step 8: Select Mitigation Approach
An interesting omission from the Microsoft approach
8
Ranking Example For a single threat/risk: There are worksheets to help discover ranges for ranking
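The ranking for several threat scenarios at once, as an added example that is not part of the original slides: it applies the probability * impact formula from Step 7, weights impact by the criteria set in Step 1, and maps each score to a Step 8 approach. The impact areas, weights, 1-3 scales, thresholds, approach names and scenarios are all assumptions constructed for illustration.

```python
# Added example: rank threat scenarios with probability * impact.
# All areas, weights, scales, thresholds and scenarios are constructed.

LEVEL = {"low": 1, "medium": 2, "high": 3}

# Step 1 output (assumed): impact areas, higher weight = matters more.
CRITERIA_WEIGHTS = {"reputation": 4, "financial": 3, "productivity": 2, "legal": 1}

def impact_score(impacts):
    """Weighted impact: sum of area weight * impact level for one scenario."""
    if set(impacts) != set(CRITERIA_WEIGHTS):
        # A scenario that skips an impact area would look safer than it is.
        raise ValueError("scenario must rate every impact area exactly once")
    return sum(CRITERIA_WEIGHTS[area] * LEVEL[lvl] for area, lvl in impacts.items())

def risk_score(scenario):
    """Step 7: probability * impact."""
    return LEVEL[scenario["probability"]] * impact_score(scenario["impacts"])

def approach(score, mitigate_at=45, defer_at=25):
    """Step 8: map a score to an approach (thresholds are assumptions)."""
    if score >= mitigate_at:
        return "mitigate"
    if score >= defer_at:
        return "defer"
    return "accept"

def rank(scenarios):
    """Return (name, score, approach) tuples, highest risk first."""
    scored = sorted(((risk_score(s), s["name"]) for s in scenarios),
                    key=lambda t: (-t[0], t[1]))
    return [(name, score, approach(score)) for score, name in scored]

SCENARIOS = [  # constructed sample data
    {"name": "build server outage", "probability": "high",
     "impacts": {"reputation": "low", "financial": "low",
                 "productivity": "high", "legal": "low"}},
    {"name": "customer database disclosed", "probability": "medium",
     "impacts": {"reputation": "high", "financial": "high",
                 "productivity": "low", "legal": "high"}},
    {"name": "backup media lost in transit", "probability": "low",
     "impacts": {"reputation": "high", "financial": "medium",
                 "productivity": "low", "legal": "high"}},
]

if __name__ == "__main__":
    for name, score, action in rank(SCENARIOS):
        print(f"{score:3d}  {action:8s}  {name}")
```

The most probable scenario (the outage) does not rank first, because its impact falls mainly on a lower-weighted area.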