More people warming up to Threat Modeling


A nice article on the subject, focused firmly on infrastructure, written by Pete Lindstrom at Information Security Magazine: http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss446_art927,00.html

The two opening para’s sum it up nicely:

The time has come to shed our reactionary “yesterday’s threat” mentality and start thinking ahead and planning for what’s to come. Enter threat modeling.

Threat modeling is the logical and systematic evaluation of every avenue of approach. You can then prioritize each avenue’s relative “threat level” based on factors such as the value of the target asset, likelihood of success and cost of attack.

Comments (2)

  1. Ilya says:

    Yes, Threat Modeling is going trendy. During my days at Trusecure it was interesting to observe buzz evolution. Once it was (well, besides these "In PKI we trust" etc) "Intrusion Detection", then "Prevention", then "Risk Management" and now it seems to be going to "Threat Modeling" (I’m wondering what will be next then 🙂 It is funny to see a paradigm been here for years nobody gives a sh.. cares about, finally warming up.