CISSP Domain 3 Notes - Security Architecture and Engineering

Study Guide 9th edition

Research, Implement and manage Engineering processes using secure design principles

Threat Modelling

Prioritizing threats against an organisation’s valuable assets.

3 common Threat Modelling Techniques to Identify Threats:

• Focused on Assets
• Focused on Attackers
• Focused on Software

Threat Modelling Approach

A model used by BCP team to identify and asses threats against applications or operating systems. STRIDE is a threat categorization scheme developed by Microsoft.

Process for Attack Simulation and Threat Analysis (PASTA)

A seven-stage threat modelling methodology. PASTA is a risk-centric approach that aims at selecting or developing countermeasures in relation to the value of the assets to be protected.

Next step after Threat Modelling is ‘Reduction Analysis’ (Decomposition of application, system or…