Results 1 to 2 of 2

Thread: Threat Modeling

  1. #1
    Member d34dl0k1's Avatar
    Join Date
    Mar 2007

    Threat Modeling

    Anyone here have experience with STRIDE or OCTAVE? I'm fitting together a threat modeling process and I'm interested in hearing about others experiences in this area... for instance what timeframes this process takes and what kinds of deliverables come from it (if any)....

    Or whatever your company might do in terms of security process or change control...


  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Washington D.C. area
    We used OCTAVE Method, geared for large organizations. I liked it because it was based on risk, rather than static rules. Diverse business units make static policies and approaches less than useful so the risk based approach really helped out because risk is a common element across all business lines. That said, the deliverable that came from OCTAVE was a well structured and planned approach on solving our HIPAA initiatives. CERT did produce something useful in this package because this package focuses on *what* has to be done but does not limit you on how to accomplish the work output.

    Anyway, FWIW.

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

Similar Threads

  1. Zero Day - The New Number One Threat To Data Security
    By JP in forum Miscellaneous Security Discussions
    Replies: 44
    Last Post: June 5th, 2006, 02:03 AM
  2. Network Security made easy?
    By Tiger Shark in forum Microsoft Security Discussions
    Replies: 5
    Last Post: January 14th, 2005, 08:47 PM
  3. Apache update opens the door to a bigger threat
    By moxnix in forum *nix Security Discussions
    Replies: 2
    Last Post: October 23rd, 2004, 05:28 PM
  4. US - Homeland Security Threat Level
    By sirrahj in forum Cosmos
    Replies: 17
    Last Post: February 15th, 2003, 01:42 AM
  5. Cat3 threat upgrade:VBS.VBSWG.AQ
    By zigar in forum AntiVirus Discussions
    Replies: 0
    Last Post: June 6th, 2002, 03:57 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts