From the course: ISC2 Certified Cloud Security Professional (CCSP) Cert Prep
Threat modeling
- [Instructor] Welcome to this lesson on threat modeling. In this lesson, we'll be talking about four different frameworks for threat modeling. The first one is STRIDE. The next one is DREAD, PASTA, and then finally, ATASM. Starting with STRIDE, STRIDE is a comprehensive model that was developed by the Microsoft organization, and it focuses on six key categories of threats. It's used to identify potential vulnerabilities in software systems, and each category represents a specific type of threat with corresponding mitigation strategies. Starting with spoofing, this is referring to systems and people that are pretending to be something that they're not. Next up, we have tampering, which is unauthorized altering of systems, configurations, and data. And then we have something called repudiation, which can sometimes be a confusing term, but it's talking about the ability of a person or a system to plausibly deny that they did or didn't take an action on a system. Next, we have…