== STRIDE threat classification ==

 * '''S'''poofing
 * '''T'''ampering
 * '''R'''epudiation
 * '''I'''nformation disclosure
 * '''D'''enial of service
 * '''E'''levation of privilege

== Quotes ==

=== Bruce Schneier's 5-step process for evaluating security measures ===

{{{
This five-step process works for any security measure, past, present, or future:

1) What problem does it solve?
2) How well does it solve the problem?
3) What new problems does it add?
4) What are the economic and social costs?
5) Given the above, is it worth the costs?
}}}

from http://www.schneier.com/crypto-gram-0204.html

== References ==

 * [[http://blogs.msdn.com/larryosterman/archive/2005/01/17/354588.aspx|Threat Modeling]] on Larry Osterman's blog
 * [[http://www.schneier.com/paper-attacktrees-ddj-ft.html|Attack Trees]] by [[http://www.schneier.com/|Bruce Schneier]] (from DDJ)