These are dangerous times for a business. Every day brings another threat.
The sub-prime crisis, the crash of world financial markets, the price of oil (going way up and now going down again), an impending crash of the US sub-prime credit card market (like how long can you charge 35% over the top interest rates?), spam, zero-day attacks, identity theft and data loss vulnerabilities do not make life easy for a business of any size.
With one dollar to spend on security, how do you spend it? Before the next meeting with your manager (or shareholders) – I suggest doing a little threat modeling first.
What is Business Threat Modeling?
Business Threat Modeling (TM) is a practical way for executives to assess their security and compliance risk in dollars:
- Identify business threats and vulnerabilities
- Focus on asset management before information and security technology management.
- Quantify risk in dollar terms.
- Prioritize risk mitigation with the right countermeasures.
- Justify investments in security, compliance and risk management to the management board.
The Process
|
Business threat analysis |
Electronic risk assessment |
|
What are the data types and volumes of data leaving the network? Who is sending sensitive information out of the company? What network protocols have the most events? What are current violations of company Internet Accepted Usage Policy. |
Give us a call and ask for a free sample of our consulting services.
Great post. I will read your posts frequently. Added you to the RSS reader.