Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL
Help

Threats are moving "up the stack" > Threat modeling - Pg. 32

32 Eleventh Hour Security : Exam SY0-201 Study Guide Rationale The motive behind computer attacks has shifted from generating large Denial- of-Service (DoS) to covert financially motivated attacks. Financially motivated attacks involve data that is withheld, manipulated, or resold for financial ben- efit, including personal information such as health and financial data being prime targets of cyber crime. Threat modeling Threat modeling is a comprehensive process for assessing a system's security risks and can be applied to any information system. A traditional vulnerability assessment performed within the corporate world involves the following tasks: Running an automated vulnerability scanning tool against an infrastructure Generating scan results and associating findings with a generic risk rating that was developed by the vulnerability scanning tool vendor Qualifying scan results and sending them out to the appropriate individ- uals for remediation