For the last six weeks, I have had a chance to learned real practical lessons from the cybersecurity. The first two weeks, I learned how to create the Threat Model Process. Then the next two weeks, I have learned how to use the Threat Modeling tool. The last two weeks, I have learned how to perform the system analysis for a case study.
For the Threat Model Process, I have no experiences on this. Working on creating the Threat Model Process, I had a chance to study, do research, read other classmates’ work, and getting back the valuable feedback from the professors and classmates give me a good understanding about the Threat Model Process. Each enterprise would have a different type of businesses and each business required different security controls. I believe that if the company could come up with their own Threat Model Process, which could review by the experienced security experts, then the company can just use the Threat Model Process to verify all the threats, vulnerabilities, and risks within the organization and monitor then mitigate them. Having a good Threat Model Process and seriously practice on it, companies would be able to have a low number of security issues.
For the Threat Modeling Tool, which is the tool that is used to perform a systematic analysis of attack vectors. Through the homework and exercise for the class, I would be able to search, know, and learn many different Threat Modeling Tool, such as:
• SecuriCad by Forseeti – It is the “is a threat modeling and risk management tool that enables you, the user, to get a holistic understanding of your IT infrastructure, incorporating risks from both structural and technical vulnerabilities” (Kumar, 2013)
• ThreatModeler – It is the tool that helps to “Identify, predict and define threats across the entire attack surface to make proactive security decisions and minimize overall risk” (Threat Modeler, 2019)
• Irius Risk – “this tool helps create a threat model and derive security requirements in no time using a straightforward questionnaire based system” (Kumar, 2013).
• SD Elements by Security Compass – It is “An Advanced Automation Platform that Builds Security, Compliance, and Policy into Applications” (SecurityCompass, 2019)
• Microsoft Threat Modeling Tool 2016 - is a free tool that was designed by Microsoft. It is one of the best tools that can help any organization to create the threat modeling process.
For the system analysis, I have not had any experiences in performing any system analysis before. I came from a software development background and I have done a lot of design documents for various projects. However, system analysis is something that is a new concept for me. Though the assignment for the last two weeks, I had a chance to perform the system analysis for a case study. It was a good learning lesson. Along with reading the assignment, reviewing other classmates’ work, and especially the feedback from the professor, I have a good understanding of how to perform a system analysis. For example, when performing a system analysis for a company, I should identify all the current assets, processes, and policies within the current IT environment. Explain their function and their effects if something bad happens to them. A system analysis should be succinctly and all the complicated technical terms must be translated to the common business terms for the readers, mostly executives to understand.
So far, I really enjoy this class. It gives me a deeper knowledge and practical exercise for threats/vulnerabilities analysis. I am looking forward to the other half of this class to continue to learn more about security and different aspects of the cybersecurity field.
Reference:
Kumar, A. (2013, Dec 7). List of Threat Modeling Tools. Retrieved from https://vitalflux.com/list-of-threat-modeling-tools/
Threat Modeler. (2019). An automated threat modeling solution that secures and scales the enterprise software development life cycle. Retrieved from https://threatmodeler.com/
SecurityCompass. (2019). SD Element. Retrieved from https://www.securitycompass.com/sdelements/
No comments:
Post a Comment