From the course: Threat Modeling: Information Disclosure in Depth

Four-question framework


- [Instructor] This course is part of a series on Threat Modeling and the STRIDE Threats. At the heart of threat modeling are four incredibly simple questions. What are we working on? What can go wrong? What are we going to do about it? And did we do a good job? These questions act as guideposts as you're threat modeling and analyzing your work. If you're not sure why you're doing the work you're doing, tie that work to one of these questions. In this course, I'll be digging deep into the details of what can go wrong and what we are going to do about it through the lens of information disclosure and confidentiality. Information disclosure is a broad threat. I can disclose information about data in motion or data at rest. I can disclose information from a process, a file, or a device. Information gets disclosed as devices emit energy through the spectrum, and it's disclosed because they use energy, and the use of energy exposes information. There's information disclosure in the cloud, in mobile, and from IoT devices. The mechanisms are different for each, but all result in a failure of confidentiality. Looking at these four questions through an information disclosure lens is part of the systematic, structured, and comprehensive approach to security that your customers deserve.
