Post on 14-Dec-2015
Threat Classes
Destruction - Blows House Down
Removal - Steals house by moving it off foundation
Disclosure - Listens in to conversations in the house
Interruption - Keeps knocking on the door preventing owner fromdoing work
Modification - Redecorates house (like Trading Spaces)
DR DIM
Little Pig #1 - Straw HouseThreat and Risk Assessment
Threat Likelihood Impact Risk
DestructionWolf blowsdownhouse
Low High Low
Pig #1 Straw HousePerformance Evaluation
One night the big bad wolf, who dearly loved to eat fat little
piggies, came along and saw the first little pig in his house of straw. He said "Let me in, Let me in, little pig or I'll huff and I'll puff and I'll blow your house in!” "Not by the hair of my chinny chin chin", said the little pig.
But of course the wolf did blow the house in and ate the first little pig.
Threat Assessment was wrong. Likelihood was incorrectly assessed.
Little Pig #3 - Post Straw House AttackThreat AssessmentThreat Likelyhood Impact Risk Safeguard Risk
WolfBlowingdownhouses
LowHigh (2pigs dead)
High LowHigh
BrickHouse
LowHigh
Safeguard
Administrative, Procedural or Technical mechanisms used to mitigate a threat.
Safeguards Cost to Implement
House made of Sticks (wind loading 10 mph) $2.00/bundleHouse made of Bricks (wind loading 70 mph) $1000/pallet
Typical Threat Events
EavesdroppingTraffic Flow AnalysisMasqueradingDenial of service
attacksRepudiationReplay
Covert Channel
Select Safeguards
AuthenticationAccess ControlConfidentialityIntegrityNon-repudiationAvailability -- redundancy,recovery,disaster