The threat modelling workshop answers questions such as: Who should we protect ourselves from? What are the likely vectors the attackers are going to use?
Typical workshop details
AGENDA
Classifying assets by their business purpose and criticality
Evaluating what would be valuable to the attacker
Identifying likely and severe threats
OUTPUT
List of assets/applications mapped to business processes and stakeholders
List of assets that if “out of order” would halt or disrupt the business
List of most likely and most severe threats that need to be controlled
The actual agenda is planned together in the kick-off meeting.
Sertifioitu ja asiantunteva kumppani
Silverskin is a CREST certified penetration testing service provider. Continuous learning, etc.
