devici’s Post

A great approach that expresses threat modeling from the perspective of values and principles. This has a nice alignment with the Agile Manifesto. This is not a how-to guide, but a foundation on how to have the right attitude towards threat modelling. This is a foundation for scaling threat modeling practices. #cybersecurity #threatmodeling

🔍 Are threat modeling frameworks a game-changer in your cybersecurity strategy, or can you thrive without them? 🤔 Dive into this thought-provoking article to explore whether these frameworks are truly essential for your defense! 💡 Curious about the benefits and potential drawbacks of using threat modeling frameworks? This insightful read delves into the world of strategic decision-making, helping you uncover whether these frameworks align with your unique security needs. 💻 🔗 Read the article here: https://lnkd.in/gtgqcVsj Discover if threat modeling frameworks are your secret weapon or if you can forge your own path to a secure digital future. 🛡️💪 Join the conversation and make informed choices for your cyber defense! 📌 If you like our posts, follow a Certified Threat Modeling Professional (CTMP). We regularly create & share tips/resources & content on DevSecOps, Container Security, Threat Modeling, Cloud Native, & more. #ThreatModeling #Agile #DevOps #DevSecOps #Cybersecurity #OnlineSafety #ThreatModeling

💻 Want to improve your organization’s threat modeling approach? 🚨 Join us TOMORROW for 'Practical Threat Modeling Based on Community Templates' as James Tarala shows you how to leverage community-driven templates to enhance your security strategy. Register today!: https://lnkd.in/eG9sRzFe #RiskManagement #SecLeadership #ThreatModeling #LDR419

Excellent webcast exploring the intersection of Risk Management, Safeguarding Analysis and Threat Modeling. Whether you are Cyber Czar, Cyber Guru, Cyber Novice or just Cyber Curious, there is a takeaway for you. Highly recommended.

MITRE ATT&CK - Unlike DREAD and STRIDE, which focus more on potential risks and vulnerabilities, ATT&CK provides a practical and hands-on approach by mapping adversary tactics. DREAD DREAD - offers a more numerical and calculated approach to threat analysis than STRIDE or MITRE ATT&CK, making it excellent for clearly prioritizing threats. STRIDE - While other frameworks like MITRE ATT&CK focus on real-world adversary tactics, STRIDE shines in its structure and methodology, allowing for a systematic review of threats specific to software systems. PASTA - Excellent for aligning threat modelling with business objectives. Unlike other frameworks, PASTA integrates business context, making it a more holistic and adaptable choice for organizations. In general, all these frameworks significantly aid in reducing risks in organizations by: •            Enhancing threat awareness and identifying vulnerabilities •            Prioritizing risk mitigation efforts and optimizing security controls •            Continuous improvement and adaptation to evolving threats

Let's talk about 𝚙̲𝚛̲𝚘̲𝚌̲𝚎̲𝚜̲𝚜̲ ̲𝚖̲𝚊̲𝚙̲𝚙̲𝚒̲𝚗̲𝚐̲ ̲𝚒̲𝚗̲ ̲𝚌̲𝚢̲𝚋̲𝚎̲𝚛̲. Today most security teams are navigating the streets of cybersecurity with the equivalent of paper maps. 🗺 𝗛𝗲𝗿𝗲'𝘀 𝗵𝗼𝘄: 📝 Spreadsheets that are manually updated. ✍ Dashboards with manual inputs. 📂 Some teams parse log files, pulling together manually a string of events or indications to map a cybersecurity process like an incident response, one turn at a time. This is why root cause analysis is so incredibly painful and time consuming - without Gutsy. We move cybersecurity from paper maps and piecemeal analysis to integrated, cohesive, comprehensive live navigable systems that give you the equivalent of 𝘁𝘂𝗿𝗻-𝗯𝘆-𝘁𝘂𝗿𝗻 𝘃𝗶𝘀𝗶𝗯𝗶𝗹𝗶𝘁𝘆 𝗮𝗻𝗱 𝗽𝗹𝗮𝗻𝗻𝗶𝗻𝗴. Watch how easy we've made it to adopt a process-centric mindset based on the 3-step vulnerability management example in the video below. Get a demo: https://lnkd.in/giX3mGtp

The #LifeSciences sector faces unique challenges in safeguarding its future: protecting intellectual property against #InsiderThreats. With the stakes higher than ever, how can organizations defend their medical breakthroughs? 📍 Join us for an enlightening discussion: "Insider Threats: Why the Stakes Are Higher for Life Sciences Organizations" Hosted by Code42 and Booz Allen Hamilton 👥 Joe Payne President and CEO, Code42 & Eric Ewald, Insider Risk Lead, Cyber Technology Solutions Group, Booz Allen Hamilton 📆 When? February 27th, 2024 | 12:30 PM - 1:15 PM EST Secure your spot today and learn how to integrate technology, people, and processes to mitigate data loss risks effectively. #insiderthreats #dataprotection #datasecurity #dlp

Visibility is at the foundation of effective Enterprise IT. We can't develop strategies without first knowing what we have and we most certainly can't effectively secure or modernize the assets on our digital terrains without first investing in comprehensive visibility. Check out this piece we teamed up on with Wiz...

Another great paper from #SOUPS and #USENIXSecurity was done by Stef Verreydt and the folks at DistriNet Research Unit @KU Leuven on #ThreatModeling practices in organizations. The biggest things that jumped out to me were that getting everyone into the room is a big inhibitor to threat modeling (something I've definitely experience myself). The others were around the outputs of threat modeling sessions, that generating the outputs takes a long time and there is not much follow-up after the fact. I know that some folks have templates that they use to help both guide threat modeling sessions and serve as a write-up form. Does anyone have any strategies to address these issues? Any templates that you think are good/help people adequately keep track of the results from threat modeling? Here's the paper: https://lnkd.in/eM5yAv35 #cybersecurity #SecureByDesign #academia #research

Latest from the labs! Continuous threat management is crucial in today’s digital landscape. Our July 2024 report highlights a surge in engagements with threat management content. See how these trends are driving change. #DataProtection #CyberTrends