|
|
2004-05-25Threat, Risks, and TrustJon's Radio: Threat Modeling. Jon Udell has a nice sampling of the ideas of threat modeling and the new possibilities of computer-assisted support for creating, populating, and maintaining threat analyses using such models.Michael Howard: Threat Modeling tool now available. This is the lead that Jon Udell followed. Michael Howard shows where to download the tool and Udell illustrates its application. I notice that threat modeling is not independent of risk management, and has some of the same imperatives with regard to maintenance of a current analysis and risk identification. When something changes, it is very important to rebuild the assessment and also update the model. Anderbill and I toy with the notion of "trust points." This is about seeing all the places in a system where there is an occasion of trust. This work on threat modeling has me wonder what the relationship to trust modeling might be, though I can also see trust models as being at a different level. My own exercises, mostly in thought problems, have trust points be at very deep points in terms of detail. I don't have a clear picture of the relationship, if any, between trust and threat vulnerability. I am missing something. This may be a place to dig deeper (and also in the existing terminology addressed to such matters).
Comments:
Post a Comment
|
|||
