Threat Model
40 views
Skip to first unread message
Anil Kumar K
Sep 15, 2018, 7:35:11 AM9/15/18
to cissp...@googlegroups.com
Which is the following first step in threat modeling ?
A) Determine Vulnerabilities
B) Determine if a given threat source has the means to exploit vulnerabilities
C) Identify assets
D) Determine who would want to exploit a given vulnerability.
A) Determine Vulnerabilities
B) Determine if a given threat source has the means to exploit vulnerabilities
C) Identify assets
D) Determine who would want to exploit a given vulnerability.
kuldeep saini
Sep 15, 2018, 8:49:38 AM9/15/18
to cissp...@googlegroups.com
It’s C) Itendify assets
--
===========================================================
Another resource brought to you by CCCure for our Learners
Having any issues, contact us at: sup...@cccure.com
Visit our NEW quiz at: https://cccure.education/
Visit our learning portal at: https://cccure.training
Visit the CCCure web store at: https://www.cccure.com
===========================================================
---
You received this message because you are subscribed to the Google Groups "CISSP Study Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cissptalks+...@googlegroups.com.
To post to this group, send email to cissp...@googlegroups.com.
Visit this group at https://groups.google.com/group/cissptalks.
To view this discussion on the web visit https://groups.google.com/d/msgid/cissptalks/CAE769V_B73eKpQbSoG%3D35z3gbvmbLkr2sQQ%2B0Y8JMAByi7UzpA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Anil Kumar K
Sep 15, 2018, 10:12:39 AM9/15/18
to cissp...@googlegroups.com
AIO book says A.
I see identify assets are part of risk assessment. Then the threat modeling continues.
Threat modeling is generally done during design phase as per official study guides. So why would one identify assets during threat modeling?
Clement if you can please clarify?
Thanks
Anil
Get Outlook for iOS
From: cissp...@googlegroups.com <cissp...@googlegroups.com> on behalf of kuldeep saini <kulde...@gmail.com>
Sent: Saturday, September 15, 2018 6:19:25 PM
To: cissp...@googlegroups.com
Subject: Re: [CCCure_CISSP_Talks] Threat Model
Sent: Saturday, September 15, 2018 6:19:25 PM
To: cissp...@googlegroups.com
Subject: Re: [CCCure_CISSP_Talks] Threat Model
To view this discussion on the web visit
https://groups.google.com/d/msgid/cissptalks/CABYsumZxtbCeB6njZPqb_O6YsVBL0FsG6t-N6P2a5UDAYu6ULg%40mail.gmail.com.
kuldeep saini
Sep 15, 2018, 12:04:38 PM9/15/18
to cissp...@googlegroups.com
It’s a strange choice to me.
When we create a threat model we put in place all software components which are either supporting asset or business asset then we start identifying weaknesses (vulnerability).
To view this discussion on the web visit https://groups.google.com/d/msgid/cissptalks/CY4PR03MB24210C28379EB090E4E512B1AB180%40CY4PR03MB2421.namprd03.prod.outlook.com.
Uday Kiran
Sep 16, 2018, 12:45:39 AM9/16/18
to cissp...@googlegroups.com
My assumption to the question is the option A, since before identifying assets OR if the threat source can exploit the vulnerabilities and the options D is ruled out for obvious reasons; the main task is to identify vulnerabilities in your environment then you can categorize your assets based on the criticality of the vulnerability.
Regards
I may be wrong but I believe the above is the right explanation.
Regards
Uday Kiran
To view this discussion on the web visit https://groups.google.com/d/msgid/cissptalks/CABYsumZBGmwochd%2BCQv4t69%2BMTz-Mv05qvRzj1jvRGmapqa-ZQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Regards,
Uday Kiran
Uday Kiran
Reply all
Reply to author
Forward
0 new messages