Differences between revisions 1 and 2
Line 1: Line 1:
[[TableOfContents]] <<TableOfContents>>
Line 24: Line 24:
 * [http://blogs.msdn.com/larryosterman/archive/2005/01/17/354588.aspx Threat Modeling] on Larry Osterman's blog
 * [http://www.schneier.com/paper-attacktrees-ddj-ft.html Attack Trees] by [http://www.schneier.com/ Bruce Schneier] (from DDJ)
 * [[http://blogs.msdn.com/larryosterman/archive/2005/01/17/354588.aspx|Threat Modeling]] on Larry Osterman's blog
 * [[http://www.schneier.com/paper-attacktrees-ddj-ft.html|Attack Trees]] by [[http://www.schneier.com/|Bruce Schneier]] (from DDJ)

STRIDE threat classification

  • Spoofing

  • Tampering

  • Repudiation

  • Information disclosure

  • Denial of service

  • Elevation of privilege

Quotes

Bruce Schneier's 5-step process for evaluating security measures

This five-step process works for any security measure, past, present, or future:

1) What problem does it solve?
2) How well does it solve the problem?
3) What new problems does it add?
4) What are the economic and social costs?
5) Given the above, is it worth the costs? 

from http://www.schneier.com/crypto-gram-0204.html

References

iDIAcomputing: SecurityStrategies (last edited 2009-07-27 18:25:10 by localhost)