User Tools

Site Tools


threat_modelling

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
threat_modelling [2019/08/15 14:07] – neilthreat_modelling [2021/10/15 10:25] (current) – neil
Line 5: Line 5:
  
 You’ll sometimes see this described as “threat modelling” or understanding your "risk scenario". You’ll sometimes see this described as “threat modelling” or understanding your "risk scenario".
 +
 +If you are still no wiser about where you should start, try the UK National Cyber Security Centre's [[https://www.ncsc.gov.uk/cyberaware/actionplan|Cyber Security Self-Assessment Tool]].
  
 ====Key points ==== ====Key points ====
-  * [[threat_modelling#What are trying to protect?|What are trying to protect?]]+  * [[threat_modelling#What are you trying to protect?|What are you trying to protect?]]
   * [[threat_modelling#Create an information asset register|Create an information asset register]]   * [[threat_modelling#Create an information asset register|Create an information asset register]]
   * [[threat_modelling#Who is your threat?|Who is your threat?]]   * [[threat_modelling#Who is your threat?|Who is your threat?]]
Line 15: Line 17:
   * [[threat_modelling#Make this a regular thing|Make this a regular thing]]   * [[threat_modelling#Make this a regular thing|Make this a regular thing]]
  
-====What are trying to protect?====+====What are you trying to protect?====
 The reason you do this is that, without knowing the threats against which you’re trying to protect, you don’t know what mitigations you need to have in place. And, since you probably can’t do everything at once, you’ll need to understand the greatest threats you face, and so which are deserving of the greatest attention, and what measures are “nice to haves”, which could be done at some point in the future. The reason you do this is that, without knowing the threats against which you’re trying to protect, you don’t know what mitigations you need to have in place. And, since you probably can’t do everything at once, you’ll need to understand the greatest threats you face, and so which are deserving of the greatest attention, and what measures are “nice to haves”, which could be done at some point in the future.
  
threat_modelling.1565878077.txt.gz · Last modified: 2021/07/06 09:26 (external edit)