Tag: PTA

  • How to assess risk – Part II: Use attack modeling to collect data

    In my article – “How to assess risk – Part I: Asking the right questions”, I talked about using attack modeling as a tool to collect data instead of using self-assessment checklists. In this article, I’ll drill down into some of the details and provide some guidelines on how to actually use attack modeling […]

  • Business process mapping and risk management

    Many risk management consultants tell organizations that they must perform a detailed business process mapping and build data flow diagrams of data and users who process data in order to achieve compliance and reduce the operational risk of information security. This is a very bad idea. Business process mapping is an expensive task to execute […]

  • The financial impact of cyber threats

    Kudos to ANSI for publishing a free guide to calculating cyber risk. Better late than never – thousands of security professionals in the world use the Microsoft Threat Modeling Tool and the popular free threat modeling software PTA to calculate risk in financial terms – not to mention the thousands of other users of risk […]

  • Risk Assessment is a threat to vendors

    I took a couple of hours out from work today to pop over to Infosec 2008 in Airport City. I don’t normally go to these events unless I’m invited to speak – but it is a good networking opportunity and a chance to reconnect with old friends and colleagues. Whenever I go somewhere – I’m always looking […]