May 27, 2004

Understanding Threat Modeling

I recently stumbled across a couple of resources via some mailing lists describing different aspects of threat modeling. Having it for future reference, I figured I would blog it for everyone:

Posted by SilverStr at May 27, 2004 09:21 AM
Comments

Dana, you may want to add Chapter 3 of the book "Improving Web Application Security" to the list as well. Online version at:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh03.asp

Posted by: Anil John at May 27, 2004 10:01 AM

Good reference Anil. Now added to the list. Thanks!

Posted by: SilverStr at May 27, 2004 10:55 AM

This is my personal contribution to "Information security management" (http://seguridad-para-usuarios.blogspot.com).
My blog is in Spanish, and I read your blog every day with an RSS reader.

I suggest reading about MAGERIT.
It's a Methodology of public organizations for Risks Analysis and Management of Information Systems; it studies the risks that an information system supports as well as the related environment. A risk is the possibility of damage or injury to occur in the system according to the existing threats. MAGERIT recommends the appropriate safeguard functions and mechanisms that should be taken, in order to know, prevent, impede, reduce or control the investigated risks.

It's the last methodology developed for "Risk management" and includes the best things from Octave, Cramm, ...

Regards,
This seminar introduces the main current activities concerning Risks Analysis and Management and in Security of Information Systems. It also presents the MAGERIT methodology and emphasizes in the practical aspects associated to the study, making use of the experience of the teachers in information systems in general, and in the application to actual cases of study with MAGERIT, in particular.

Posted by: Javier Cao Avellaneda at May 28, 2004 03:32 AM

You can read about MAGERIT in http://www.csi.map.es/csi/pdf/magerit_ingles.pdf

This methodology has been developed based on ISO 13335, ITSEC criteria and ISO 17799.

Regards

Posted by: Javier Cao Avellaneda at September 23, 2004 08:37 AM