Optimize Security Mitigation Effectiveness Using STRIDE
Understand how well your security countermeasures are working for you.

RETIRED CONTENT
Please note that the content on this page is retired. This content is not maintained and may contain information or links that are out of date.

Making security decisions without the right information can result in:
- Unmitigated vulnerabilities allowed to persist.
- Potentially damaging security incidents.
- Wasted financial and human resources.
Understanding the threat landscape and mitigation effectiveness leads to:
- Informed business and security decisions.
- A defensible and quantified security roadmap.
- A proactive and right-sized security program.
Book Your Workshop
Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
Module 1: Setup: Risk Tolerance, and Data and Element Inventory
The Purpose
- Discuss the organizational risk tolerance / risk management strategy.
- Establish a foundational frame for data and element categorization.
Key Benefits Achieved
- A map of the valuable data and the assets it flows through.

| | Activities | Outputs |
|---|---|---|
| 1.1 | Validate pre-work (data classification, IT systems element inventory, rough data mapping). | |
| 1.2 | Review Info-Tech’s quantified risk model and STRIDE threat model. | |
| 1.3 | Begin threat modeling activity. | |
Module 2: Threat Severity Assessment
The Purpose
- Perform a detailed analysis of the organizational threat and risk exposure.
Key Benefits Achieved
- Understand Info-Tech’s quantified threat severity model
- A map of the systems threat landscape
| | Activities | Outputs |
|---|---|---|
| 2.1 | Complete threat modeling activity. | |
Module 3: Control Maturity Assessment
The Purpose
- Catalog all the existing security capabilities and map them to the threats that they mitigate.
Key Benefits Achieved
- Security control capabilities and maturity mapped to the system threats
| | Activities | Outputs |
|---|---|---|
| 3.1 | Review the STRIDE security traits and threat-countermeasure relationships. | |
| 3.2 | Perform a security control and maturity assessment. | |
| 3.3 | Identify gap initiatives to address unacceptable risks. | |
Module 4: Gap Initiative Identification and Prioritization
The Purpose
- Identify security gaps based on threat-control assessments.
- Create a prioritized roadmap and plan to implement gap initiatives.
Key Benefits Achieved
- Clearly identified and documented security gaps
- Prioritized list of initiatives required to address security gaps in line with organizational needs

| | Activities | Outputs |
|---|---|---|
| 4.1 | Prioritize gap initiatives. | |
| 4.2 | Make a plan to incorporate the gap initiatives into a security roadmap, and discuss how to integrate the risk model into overall risk management decisions. | |