Time
13 hours 9 minutes
Difficulty
Intermediate
CEU/CPE
13

Video Transcription

00:00
Hello and congratulations. You've made it to the threat modeling summary for the Penetration Testing Execution Standard.
00:09
So
00:10
what did we learn so far?
00:12
Well,
00:13
we looked at a general modeling process with respect to threat modeling. We gave you a high-level process and kind of did an overview of that. We used an example to demonstrate how that process could be worked and how you could go about modeling threats and looking at critical and secondary systems or primary and secondary systems.
00:32
And we looked at some tools such as CVSS scores and other methodologies
00:37
for threat modeling.
00:39
We looked at business asset analysis, what it was, and the different data types within that, such as organizational data and employee data, customer data and human assets, and how those can overall impact an organization's well-being with respect to them being compromised or having issues.
00:58
We looked at business process analysis and we discussed what it is. We looked at technical infrastructure, information assets, human assets and third-party integrations with respect to how they support the overall business processes and how, if they were impacted, they could cause issues, downtime, loss of reputation,
01:15
things of that nature. When we're looking at threat modeling,
01:19
we looked at threat agent and community analysis. We discussed what that was. We discussed employees and management and, overall, how to lay out the potential threats to an organization. We then went on to discuss threat capability analysis, discussing some tools that could be used by different parties and the likelihood they could use these tools,
01:38
relevant exploits and payloads that may be available to certain parties.
01:42
Communication mechanisms that could be used by those parties and accessibility overall to the internal systems and data sets that the threats could pose a risk to.
01:52
We looked at motivation modeling, where we just discussed what that was and some of the different things that would motivate someone: profit, hacktivism, direct grudge, fun, reputation, further access to a partner or connected system. The sky's the limit as far as motivations, and I'm sure there are people out there that will just make things up to motivate them to do things.
02:12
And then we discussed relevant news and how to go about looking at relevant news for an organization, again focusing on the last 12 months if able and staying within a vertical. That way we have some stories and some particular events that hit close to home and would be applicable to the client organization that you're working with.
02:30
So with that in mind, I want to thank you for your time today,
02:35
and I look forward to seeing you again soon.

Up Next

Penetration Testing Execution Standard (PTES)

In this course we will lay out the Penetration Testing Execution Standard (PTES) in all its phases and their application for business leaders and Security Professionals alike.

Instructed By

Robert Smith
Director of Security Services at Corsica
Instructor