now ultimately, what we get to when we're looking at all of these potential issues and concerns with cloud based applications before we go live through the development stage. So
let me just say before we jump into the development stage probably better way to say it. We've got to do some serious threat. Mom,
we're looking at these applications that we're gonna make available to the masses and we've got to go through. And we've gotta figure out what can we do to mitigate risks? Asbestos possible, right? That's all we ever talk about. We don't talk about eliminating risks. We're just looking to mitigate.
Well, the process of threat modelling allows us to play that. What if game
where we say, Okay, here's what we're protecting. Here's the potential harm here. The probabilities, How can we lesson, right, So we're gonna start off with threat. Modeling is figure out what our secure the objectives are.
You know, if we're having to prioritize the C. I A. Triad is a confidentiality is an integrity availability. Are they all equal? And in order to determine what our focus is, we're gonna look at what the business drivers are
right. Is this information that it's okay if it gets disclosed, it just can't be modified or vice versa. So we figure out what the primary drivers are based on business needs, and then we're gonna do threat modeling, usually with threat modelling. We're thinking about use versus misuse.
All right, we know what this service can provide with this application can provide
how can what we provide be exploited. And then along with that, how we lock down our application or hard in that application to get the degree of security. That's appropriate. So that's what this next section is own. It's called Threat Model.