From the course: Learning Threat Modeling for Security Professionals


Repudiating an order

- The R in STRIDE stands for repudiation. Repudiation is a little bit different than the other STRIDE threats. It's an uncommon word and it means disclaiming, denying or any way of saying you're not responsible for something. Saying, "I didn't get your email," is an act of repudiation. These threats are also a bit closer to the human meaning or impact than the other threats. Let's say an attacker succeeded at putting unauthorized ads into Topsy Turvy's account. When the bakery looks at their monthly bill they'll notice ads that don't look like theirs. And they'll repudiate. What happens next? Does Red 30 have a complaint mechanism that allows the issue to be tracked and managed or will a complaint spawn a million email threads? When an investigation starts, have the right things been logged? Logs are a way to look into what's already happened and it's hard to add them after the fact. Do the logs show security events like log-ins and password changes? Do they show each change to an ad…
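The kind of log the transcript asks about, as an added illustration (not code from the course or from Red 30): a tamper-evident audit log that records logins, password changes and ad changes per account, so that an investigator can pull the history behind a disputed bill and detect if any entry was altered or dropped. The key, account name, actors and IP addresses are constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment keeps it in a KMS/HSM, away from the writer.
LOG_KEY = b"constructed-demo-key-do-not-reuse"
GENESIS = "0" * 64


class AuditLog:
    """Append-only, hash-chained log: each entry carries the MAC of its
    predecessor, so editing or deleting an entry breaks the chain."""

    def __init__(self, key=LOG_KEY):
        self.key, self.entries = key, []

    def _mac(self, body):
        data = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self.key, data, hashlib.sha256).hexdigest()

    def record(self, actor, action, target, details=None):
        prev = self.entries[-1]["mac"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "actor": actor, "action": action,
                "target": target, "details": details or {}, "prev": prev}
        self.entries.append(dict(body, mac=self._mac(body)))
        return self.entries[-1]

    def verify(self):
        """-1 if the chain is intact, else the index of the first bad entry."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "mac"}
            if (body["seq"] != i or body["prev"] != prev
                    or not hmac.compare_digest(self._mac(body), e["mac"])):
                return i
            prev = e["mac"]
        return -1

    def history(self, target):
        return [e for e in self.entries if e["target"] == target]


def disputed_ad_scenario():
    """Constructed events behind the Topsy Turvy complaint: (log, history)."""
    log = AuditLog()
    acct = "acct:topsy-turvy"
    log.record("bakery-owner", "login", acct, {"ip": "203.0.113.7"})
    log.record("bakery-owner", "password_change", acct)
    log.record("unknown-user", "login", acct, {"ip": "198.51.100.9"})
    log.record("unknown-user", "ad_create", acct, {"ad": "ad-42"})
    return log, log.history(acct)
```

The history shows which actor created the disputed ad and from where, which is what turns "those aren't our ads" from an argument into a checkable claim.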
