SecurityStrategies - iDIA Computing

Login

SecurityStrategies

Revision 2 as of 2009-07-27 18:25:10

Immutable Page
Comments
Info
More Actions:

Contents

STRIDE threat classification
Quotes
1. Bruce Schneier's 5-step process for evaluating security measures
References

STRIDE threat classification

Spoofing
Tampering
Repudiation
Information disclosure
Denial of service
Elevation of privilege

Quotes

Bruce Schneier's 5-step process for evaluating security measures

This five-step process works for any security measure, past, present, or future:

1) What problem does it solve?
2) How well does it solve the problem?
3) What new problems does it add?
4) What are the economic and social costs?
5) Given the above, is it worth the costs?

from http://www.schneier.com/crypto-gram-0204.html

References

Threat Modeling on Larry Osterman's blog
Attack Trees by Bruce Schneier (from DDJ)