Time
9 hours 48 minutes
Difficulty
Intermediate
CEU/CPE
10

Video Transcription

00:00
now ultimately, what we get to when we're looking at all of these potential issues and concerns with cloud based applications before we go live through the development stage. So
00:13
let me just say before we jump into the development stage probably better way to say it. We've got to do some serious threat. Mom,
00:20
we're looking at these applications that we're gonna make available to the masses and we've got to go through. And we've gotta figure out what can we do to mitigate risks? Asbestos possible, right? That's all we ever talk about. We don't talk about eliminating risks. We're just looking to mitigate.
00:38
Well, the process of threat modelling allows us to play that. What if game
00:42
where we say, Okay, here's what we're protecting. Here's the potential harm here. The probabilities, How can we lesson, right, So we're gonna start off with threat. Modeling is figure out what our secure the objectives are.
00:57
You know, if we're having to prioritize the C. I A. Triad is a confidentiality is an integrity availability. Are they all equal? And in order to determine what our focus is, we're gonna look at what the business drivers are
01:11
right. Is this information that it's okay if it gets disclosed, it just can't be modified or vice versa. So we figure out what the primary drivers are based on business needs, and then we're gonna do threat modeling, usually with threat modelling. We're thinking about use versus misuse.
01:29
All right, we know what this service can provide with this application can provide
01:34
how can what we provide be exploited. And then along with that, how we lock down our application or hard in that application to get the degree of security. That's appropriate. So that's what this next section is own. It's called Threat Model.

Up Next

Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.

Instructed By

Instructor Profile Image
Kelly Handerhan
Senior Instructor