|
-
March 14th, 2008, 10:52 AM
#1
Threat Modeling
Anyone here have experience with STRIDE or OCTAVE? I'm fitting together a threat modeling process and I'm interested in hearing about others experiences in this area... for instance what timeframes this process takes and what kinds of deliverables come from it (if any)....
Or whatever your company might do in terms of security process or change control...
thanks 
-
March 14th, 2008, 03:10 PM
#2
We used OCTAVE Method, geared for large organizations. I liked it because it was based on risk, rather than static rules. Diverse business units make static policies and approaches less than useful so the risk based approach really helped out because risk is a common element across all business lines. That said, the deliverable that came from OCTAVE was a well structured and planned approach on solving our HIPAA initiatives. CERT did produce something useful in this package because this package focuses on *what* has to be done but does not limit you on how to accomplish the work output.
Anyway, FWIW.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
Similar Threads
-
By JP in forum Miscellaneous Security Discussions
Replies: 44
Last Post: June 5th, 2006, 02:03 AM
-
By Tiger Shark in forum Microsoft Security Discussions
Replies: 5
Last Post: January 14th, 2005, 08:47 PM
-
By sirrahj in forum Cosmos
Replies: 17
Last Post: February 15th, 2003, 01:42 AM
-
By zigar in forum AntiVirus Discussions
Replies: 0
Last Post: June 6th, 2002, 03:57 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote