Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Repeat after me: Model your security threats first

Roger A. Grimes | April 9, 2014
Organisations often deploy defenses before they know which attacks will nail them. A new book helps security pros model those threats and design defenses

You'll also find discussions about cloud threats, privacy exploits, and identity lifecycles. If you're in charge of threat modeling at your company, you're no doubt actively worrying about all three topics.

Clearly, Adam has been there and done that -- not just at a defender-versus-attacker tactical level, but in trying to implement threat modeling at an enterprise level. It's easy to model threats to a single program or process, but it's a lot harder to make it a part of an organization's DNA. The book helps by offering chapters dedicated to the success of enterprise implementations, including strategies, tools, and politics.

Most security professionals have a shortlist of people whom they admire as extraordinary teachers of computer security best practices, one that includes such luminaries as Bruce Schneier, Brian Krebs (who is having a movie made about him now), and Stephen Northcutt (of SANS). Add Adam Shostack's name to your list. He gets it right.

Source: InfoWorld


Previous Page  1  2 

Sign up for Computerworld eNewsletters.