A threat-model framework helps you generate a list of potential threats and find ways to reduce or eliminate risk for your system. You learned about each threat category with its corresponding security controls.
In this module, you:
- Discussed each threat category in the threat-modeling framework.
- Learned about the security controls to help reduce or eliminate risk.
Did you know? There are many other frameworks you can use to accomplish different goals. Examples include using LINDDUN for privacy threats and attack trees for penetration-testing teams. Attack trees help determine how an attack can take place with an "assumed breach" mentality.
- LINDDUN: privacy threat-modeling methodology that supports analysts in systematically finding and resolving privacy threats in software architectures.
- Cyber kill chain: describes the typical workflow, including techniques, tactics, and procedures used by attackers to infiltrate an organization's networks and systems.