| Threat Modeling and Risk Analysis |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ¨ | Identify
the possible compromises (threats) |
|||||||||||||
| ¨ | Identify
the scope of the analysis |
|||||||||||||
| – | What
is “outside the system” |
|||||||||||||
| – | What
assumptions are made about the environment in |
|||||||||||||
| which
the system is operated? |
||||||||||||||
| ¨ | For
each, scope out the perpetrators, the |
|||||||||||||
| likelihood,
and the expense if this threat becomes |
||||||||||||||
| real. |
||||||||||||||
| ¨ | Based
on this, perform a prioritization of risks so |
|||||||||||||
| that
limited development $$$ maximize |
||||||||||||||
| cost/benefit. |
||||||||||||||
|
|
| 600.436 High- |
|
| Assurance
Systems |
|
| Fall
01/Introduction |
| 23 |