Threat Modeling Overview

00:00

Hello and welcome to another penetration testing, execution Standard discussion. Today we're going to go over our threat modeling overview as we get into threat modeling within the pee test standard. So our first section within threat modeling is going to be the modeling process. And this is just going to be a general overview

00:19

where we talk about what is threat modeling,

00:22

the high level process, some high level examples and high level modeling tools.

00:28

Then we're going to get into business asset analysis. So we're gonna talk about what it is. Organizational data, employee data, customer data, human assets in some different type of business assets within this review.

00:41

And then we'll talk about business process analysis what that is infrastructure supporting processes, information, assets, supporting processes, human assets and third party integration and or usage of by a process.

00:55

And this is essentially going to be all the technical, informational human components that make up critical

01:02

processes and procedures within an organization.

01:06

We're going to talk about threat agent and community analysis. What that is both internal and external components of that employees management, et cetera, and look at those particular areas within penetration testing.

01:19

We're going to do threat capability analysis. So we're gonna look at some analysis of tools and use availability to relevant exploits and payloads. And so what's out there?

01:30

Communication mechanisms that could be used an accessibility. Overall, we're going to talk about motivation modeling. So what? That is, And then we're gonna look at some different areas, like for profit hacktivism, direct grudge funding, reputation, further access to partner networks. And so those are just gonna be Cem

01:48

reasons that individuals may target an organization or take action against an organization.