Business threat modeling

These are dangerous times for a business. Every day brings another threat.

The sub-prime crisis, the crash of world financial markets, the price of oil (going way up and now going down again), an impending crash of the US sub-prime credit card market (how long can you keep charging over-the-top 35% interest rates?), spam, zero-day attacks, identity theft and data loss vulnerabilities do not make life easy for a business of any size.

With one dollar to spend on security, how do you spend it? Before the next meeting with your manager (or shareholders), I suggest doing a little threat modeling first.

What is Business Threat Modeling?
Business Threat Modeling (TM) is a practical way for executives to assess their security and compliance risk in dollars:
  • Identify business threats and vulnerabilities.
  • Focus on asset management before information and security technology management.
  • Quantify risk in dollar terms.
  • Prioritize risk mitigation with the right countermeasures.
  • Justify investments in security, compliance and risk management to the management board.

The Process

Business threat analysis

Electronic risk assessment

  • Identify assets & vulnerabilities
  • Define countermeasures
  • Compose threat scenarios
  • Understand calculated risk
  • Optimize countermeasures for best risk reduction at lowest implementation and operations cost

What are the data types and volumes of data leaving the network?
Who is sending sensitive information out of the company?
Which network protocols have the most events?
What are the current violations of the company Internet Accepted Usage Policy?
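
The five process steps listed above (assets and vulnerabilities, countermeasures, threat scenarios, calculated risk, optimization), worked through as an added example that is not part of the original article. The asset values, probabilities, mitigation fractions and the expected-yearly-loss formula (asset value × yearly probability × damage fraction) are assumptions constructed for illustration.

```python
from itertools import combinations

# Constructed sample data (assumption): asset values in dollars.
ASSETS = {"customer_db": 2_000_000, "source_code": 800_000}

# Threat scenarios: (asset hit, yearly probability, fraction of asset value lost).
THREATS = {
    "db_leak_via_email": ("customer_db", 0.30, 0.50),
    "stolen_laptop":     ("source_code", 0.20, 0.25),
    "sql_injection":     ("customer_db", 0.10, 0.80),
}

# Countermeasures: (yearly cost in dollars, {threat: fraction of risk mitigated}).
COUNTERMEASURES = {
    "dlp_gateway":     (60_000, {"db_leak_via_email": 0.70}),
    "disk_encryption": (10_000, {"stolen_laptop": 0.90}),
    "waf":             (40_000, {"sql_injection": 0.60}),
    "code_review":     (50_000, {"sql_injection": 0.80}),
}

def threat_risk(name, selected=()):
    """Expected yearly loss in dollars for one threat, given selected countermeasures."""
    asset, probability, damage = THREATS[name]
    residual = 1.0
    for cm in selected:
        # Overlapping countermeasures compound: each removes a share of what is left.
        residual *= 1.0 - COUNTERMEASURES[cm][1].get(name, 0.0)
    return ASSETS[asset] * probability * damage * residual

def total_risk(selected=()):
    """Calculated risk in dollars across all threat scenarios."""
    return sum(threat_risk(t, selected) for t in THREATS)

def best_plan(budget):
    """Try every countermeasure set within budget; lowest residual risk wins,
    ties go to the cheaper set. Returns (countermeasures, cost, residual_risk)."""
    names = sorted(COUNTERMEASURES)
    plans = []
    for size in range(len(names) + 1):
        for combo in combinations(names, size):
            cost = sum(COUNTERMEASURES[c][0] for c in combo)
            if cost <= budget:
                plans.append((total_risk(combo), cost, combo))
    risk, cost, combo = min(plans)
    return combo, cost, risk

if __name__ == "__main__":
    print("Unmitigated yearly risk: $%.0f" % total_risk())
    for budget in (70_000, 100_000):
        print(budget, best_plan(budget))
```

With these constructed numbers, a larger budget changes which countermeasures are chosen rather than simply adding one more: the cheap laptop encryption is dropped in favour of the web application firewall once both it and the DLP gateway fit.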

