Performing Threat Modeling with the OCTAVE Methodology
This course focuses on utilizing the OCTAVE Methodology to identify critical assets, infrastructure vulnerabilities, and an overall protection plan.
What you'll learn
Creating a protection plan to protect your organizations critical assets can be a daunting task. In this course, Performing Threat Modeling with the OCTAVE Methodology, you will utilize the OCTAVE methodology. First, you will learn how to create security requirements. Next, you will learn how to identify infrastructure vulnerabilities. Finally, you will use the information gathered in the methodology to create an overarching security plan that reduces risk, and can be used on a continual basis. When you are finished with the course, you will have the skills and knowledge of performing the OCTAVE Methodology to reduce risk, identify critical assets, and infrastructure vulnerabilities needed to create a security program that is customized to your organization.
Table of contents
- Overview 0m
- Phase 1 Goals 3m
- Levels of Involvement 3m
- The 4 Processes 1m
- Process 1 2m
- Characterize Key Enterprise Assets and Describe Threats to Assets 3m
- Describe Current and Planned Strategy to Protect Assets 1m
- Identify Risk Indicators and Select Operational Areas to Evaluate 2m
- Process 1 Summary 1m
- Process 2 1m
- Characterize Assets in Relation to Enterprise Assets 1m
- Select Staff to Evaluate 1m
- Summary of Process 2 1m
- Process 3 1m
- Characterize Assets in Relation to Operational Area and Enterprise Assets 1m
- Summary of Process 3 1m
- Process 4 Establishing Security Requirements 1m
- Map Assets and Combine Threats 2m
- Collect Protection Strategies and Risk Indicators 2m
- Security Requirements and Protection Strategy 2m
- Process 4 Summary 1m
- Overview 1m
- Phase 2 Goals 1m
- The 2 Processes 0m
- Process 5 1m
- Identify Configuration of the Infrastructure and Consolidate Identified Assets within Identified Infrastructure 2m
- Examine Asset Access Paths and Data Flows 2m
- Identify Supporting and Related Assets and Determine High Priority Components of the Infrastructure 2m
- Process 5 Summary 1m
- Process 6 1m
- Select Intrusion Scenarios and Set Scope of the Infrastructure Examination 3m
- Examine Infrastructure 1m
- Summary of Process 6 1m
- Determining Security Risk Management Strategy 1m
- Phase 3 Goals 2m
- The 2 Processes 1m
- Process 7 1m
- Determine Points of Vulnerability in Intrusion Scenarios 2m
- Examine Assets Exposed 2m
- Examine Threats to Exposed Asset 1m
- Construct a Statement of Risk and Determine Priority Risks to the Enterprise 2m
- Process 7 Summary 1m
- Process 8 1m
- Identify Candidate Mitigation Approaches 1m
- Develop Protection Strategy 1m
- Develop a Comprehensive Plan to Manage Security Risks 2m
- Implement Selected Protection Strategy 1m
- Process 8 1m
- Summary of 3 Phases 3m
About the author
Dr. Shaila Rana is the Founder of CyberSecure and the Co-Founder of ACT Research Institute. Dr. Rana also serves as a Graduate Professor of Information Technology and Cybersecurity. She holds a PhD specializing in Information Systems Security and holds an MS in Cybersecurity. She has a background consisting of both education and industry experience. Her passion is to help people protect themselves, their families, and their communities against cyber threats and attacks.