From the course: Introduction to Product Security
Assessing risk in product security
- [Instructor] We reviewed threat modeling in the previous video to give a good idea of how we can think like an attacker to anticipate the risks to our product and software. There are a few ways we can assess the risk as a result of our threat model. Let's start with some simple steps.

Scope: define the boundaries of the risk assessment, including what was threat modeled, and any other closely tied technologies. This is an important aspect of a risk assessment. Too broad of a scope can result in too many risks to manage at once. If scope is too narrow, it can provide a false sense of security.

Identify the important assets. Hopefully we have a fairly complete inventory of our software, hardware, intellectual property, and dependencies needed to develop the software. Once you have a properly identified scope, you'll want to narrow down which assets you will focus on. This may be easy for companies managing a single product versus a suite of products.

Threat type. Consider the type of…