Time
7 hours 33 minutes
Difficulty
Advanced
CEU/CPE
8

Video Transcription

00:00
Hello. I like the working back to cyber is comped here. Certified advance secretive practitioners certification. Preparation course.
00:09
We're gonna continue our discussion off Marge number two, which is titled Barnum Bailey Management. These on objectives, which encompasses marginal too.
00:18
We're gonna continue on I discuss enough cyber security research
00:23
and in fact, let's section one side security research.
00:27
In the previous video, we begin in prices by discussing the new cybersecurity world. In fact, we learned it is a bold new world. We also introduced the cyber Court. We learned that cyber crimes, in fact are increasing in terms of the sophistication and obviously becoming much more deliver it.
00:43
And so that braces now to why threat model
00:48
now wanna waste When you think about that question, the first thing that comes to mind is what you want to do is create a common understanding among your technical and management stakeholders. We also want ensure that the design and code is written to protect our critical assets. That makes the question.
01:06
What when we talk about assets were in fact, I was referring to
01:10
assets. Example. Could be your computers. It could be the laptops. It could be your routers and so forth. So the first thing that we need to do in order me to contend with these various threats we need identify what our assets are. Other words. The most valuable assets we have, or the one that presents the greatest threat to us are our people.
01:30
So what we want to do is find creative ways to what
01:33
mitigate those threats. One way we can mitigate the threat that posed by people, which are the most valuable resource is what by providing security awareness type training.
01:42
So that brings us back to a wide threat model, because what it does it a lot of your own, is age to what make better decisions enable you to prioritize your security efforts. In other words, to be to allocate your resource is which again, perhaps for the most part ah, very limit it also neighbor, you understand your organizational weaknesses,
02:00
A table you know, wait. A security design against a functional design
02:05
goes as well. So let's take a look at drift modeling in a nutshell.
02:09
But the words
02:10
it comes to that I want to make this point quite clear and enables you to understand the architect and security promise it was. You'd identify your assets and rolls able you're built an activity type metrics. And have you identified the threats that put the assets? In fact, at risk to the realities is that's nothing that we can do
02:29
totally protect our assets.
02:31
But what we can do. We confined through the prices of risk manager find creative ways to what mitigate a minimize the impact of those various threats. So again, with threat. Mullen in a nutshell, it defines a set of attacks
02:45
and or negative scenarios identify testable conditions. Also a system probability. The harm the pride is wasn't been its impact.
02:53
If these particular threats, obviously again, were actually ah, we're able to take place, in other words, but what we don't do proactively, it's what try to minimize the impact from the *** from the onset. In other words,
03:09
therefore, summarizing your enterprise risk threat, Mullen allows you to get ahead of it and plan, because reality this planet is everything. If you fail to plan, you plan to feel, so you gotta have a viable plan in place. So what happened is we look at threat money it if you understand that threats
03:28
as the risk. Other words of risk is a total born, certainly before deployment. You can what, in fact, reduce the skirt impact to development schedule as well. It's cause most of solutions make tradeoffs between your security as well as your functionality. Because the reality is we never can reach a point will be 100% secure
03:46
because if we are in fact 100% secure,
03:49
we won't be connected in that we will be 100% secure. But in fact we won't be able to compete in the global marketplace. And we was, for example, not to be connected to the inn. That threat model help you plan and prioritize effectively.
04:01
So again, this particular chart illustrates threat mauling in terms of methodology in terms of features, we see the various types here
04:09
from the Ark Leif, we see again the Microsoft and so forth. So again, this chart here shows what use of want in a threat. Malan type methodology.
04:19
We get we come to term called threat rating threat Reading is a quantitative measure of your network threats levels after again and choosing prevention system mitigation process takes place the form for threat rating is a threat. Rating. Equal the threat. Risk Rating. Modesty alert. Ready
04:39
now Our F C stands for request for comments is a pure technical document published by the Internal Engineering Task Force. The request for comments are mainly used to develop a standard network protocol, a functioning network protocol off any feature, which is related to again with our network communication.
04:57
This raises to a post assessment question.
05:00
What is the fender activities for improvement? Security by identifying objectives and vulnerabilities and then defining kind of marriage is to prevent or mitigate the effects of threats to your system. Call
05:13
if you said like that, be your absolute creates called threat marlin. So Threat Model is a family of activities for improving the security by identifying objects and vulnerabilities and then defining kind of measures to prevent and or mitigate the effects of the threats to your very systems.
05:30
Now, during this particular margin, we discussed a new cybersecurity world we learned enter that we out for body with introductions. Cybercrimes discuss instant trends. We took a look at the term called Threat Marlon as well a threat models and then we took a look at threat Molly Methodology features as well.
05:46
In the upcoming presentation, which is titled Section Number two,
05:50
We Go Ting on by discussing vulnerability assessments. Look forward to seeing you in the next video.

Up Next

CompTIA CASP+

In this course, you will learn all of the domains and concepts associated with the CompTIA Advanced Security Practitioner CAS-003 CASP+ Exam. Through this course you will be fully prepared to sit for your CompTIA A+ Exam!

Instructed By

Instructor Profile Image
Jim Hollis
Independent Contractor
Instructor