This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links

Version management

Difference between version and

At line 1 added 39 lines
!!! Overview
[{$pagename}] (or [Threat landscape]) describes the capabilities that an [attacker] is assumed to be able to deploy against a [resource]. [BCP 72] [{$pagename}] should contain such information as the resources available to an attacker in terms of
* information or [data]
* [computing capability|Computational Hardness Assumption]
* control of the system
[{$pagename}] purpose is twofold. First, we wish to identify the [threats] we are concerned with. Second, we wish to rule some [threats] explicitly out of scope. Nearly every security system is vulnerable to a sufficiently dedicated and resourceful [attacker].
[{$pagename}] helps you identify [Vulnerabilities|Vulnerability] to the [entities] you value and determine from whom you need to protect them. When building a threat model, answer these five questions:
* What do I want to protect? ([Resources])
* Who do I want to protect it from? ([Attackers])
* How bad are the consequences if I fail? ([Regulatory Risk], [Operational Risk] or [Real Risk])
* How likely is it that I will need to protect it? (consider [Attack Effort])
* How much trouble am I willing to go through to try to prevent potential consequences? ([Acceptable risk])
For a [closer look|https://ssd.eff.org/en/module/assessing-your-risks|target='_blank'] at each of these questions.
[{$pagename}] reviews should be performed any time a [Resource] is created and periodically as [Attacks] and [Vulnerabilities|Vulnerability] change over time.
!! [Internet Threat Model]
[Internet Threat Model] is described in [BCP 72] as a fairly well understood [{$pagename}].
!! Components of the [{$pagename}]
* [Malware]
** [Ransomware]
** [Spyware]
** [Botnet]
** [Keylogger]
* [Social Engineering Attack]
** [Pretexting]
** [Phishing]
** [Smishing]
** [Vishing]
** [Tailgating]
** [USB Attack]!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Assessing Your Risks|https://ssd.eff.org/en/module/assessing-your-risks|target='_blank'] - based on information obtained 2017-10-13-